Cyber Security Framework Selection: Comparision of Nist and Iso27001

Alshar’e, Marwan

doi:10.52098/acj.202364

Cited by 8 publications

(2 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Marwan Alshar'e in [26] conducted a comparison between the NIST CSF and ISO 27001 cybersecurity frameworks, primarily examining their suitability and selection criteria. The study suggests that organizations should evaluate and adopt specific frameworks based on factors such as their risk maturity level, certification requirements, and a cost-benefit analysis.…”

Section: Sulistyowati Et Al Inmentioning

confidence: 99%

Leveraging Taxonomical Engineering for Security Baseline Compliance in International Regulatory Frameworks

Grigaliūnas,

Schmidt,

Brūzgienė

et al. 2023

Future Internet

View full text Add to dashboard Cite

A surge in successful Information Security (IS) breaches targeting Research and Education (R&E) institutions highlights a pressing need for enhanced protection. Addressing this, a consortium of European National Research and Education Network (NREN) organizations has developed a unified IS framework. This paper aims to introduce the Security Baseline for NRENs and a security maturity model tailored for R&E entities, derived from established security best practices to meet the specific needs of NRENs, universities, and various research institutions. The models currently in existence do not possess a system to smoothly correlate varying requirement tiers with distinct user groups or scenarios, baseline standards, and existing legislative actions. This segmentation poses a significant hurdle to the community’s capacity to guarantee consistency, congruency, and thorough compliance with a cohesive array of security standards and regulations. By employing taxonomical engineering principles, a mapping of baseline requirements to other security frameworks and regulations has been established. This reveals a correlation across most regulations impacting R&E institutions and uncovers an overlap in the high-level requirements, which is beneficial for the implementation of multiple standards. Consequently, organizations can systematically compare diverse security requirements, pinpoint gaps in their strategy, and formulate a roadmap to bolster their security initiatives.

show abstract

Section: Sulistyowati Et Al Inmentioning

confidence: 99%

Leveraging Taxonomical Engineering for Security Baseline Compliance in International Regulatory Frameworks

Grigaliūnas,

Schmidt,

Brūzgienė

et al. 2023

Future Internet

View full text Add to dashboard Cite

show abstract

“…It is important that organizations implement NIST Framework while continuing to evaluate their current infrastructure using cost-benefit analysis (Gordon et al, 2020). The implementation of specific frameworks should be appraised and utilized by organizations based on their risk maturity level and cost-benefit analysis (Alshar'e, 2023).…”

Section: Review Of Small To Medium-sized Business-reported Breaches O...mentioning

confidence: 99%

Practical Approaches and Guidance to Small Business Organization Cyber Risk and Threat Assessments

2023

JSIS

View full text Add to dashboard Cite

Cyber-attacks and breaches can occur in any organization type, and the areas of small businesses are not exempt from this nefarious activity. This research note and rapid review provide various cybersecurity tools, guidelines, and frameworks that a small business can consider when embarking on the action to assess its cybersecurity hygiene and defensive stance. The content was pulled together in response to the need for an easy-to-digest approach that a small business utilizes to gain valuable confidence to undertake a self-assessment or third-party review of an organization's cybersecurity plans. Regarding cybersecurity concerns, doing nothing is not an option, and taking an initial step to review computing, information technology, and data systems practices will only be beneficial in attempting to sustain a business and organization.

show abstract