SZNS ISO/IEC 27032:2012 Information technology - Security techniques - Guidelines for cybersecurity

E677.81


Description

This National Standard provides guidance for improving the state of Cybersecurity, drawing out the unique aspects of that activity and its dependencies on other security domains, in particular:

  • information security,
  • network security,
  • internet security, and
  • critical information infrastructure protection (CIIP).

It covers the baseline security practices for stakeholders in cyberspace. This National Standard provides:

  • an overview of cybersecurity,
  • an explanation of the relationship between cybersecurity and other types of security,
  • a definition of stakeholders and a description of their roles in cybersecurity,
  • guidance for addressing common cybersecurity issues, and
  • a framework to enable stakeholders to collaborate on resolving cybersecurity issues.

TABLE OF CONTENTS

Content - Page
1 Scope 3
2 Applicability 3
3 Normative references 4
4 Terms and definitions 4
5 Abbreviated terms 10
6 Overview 11
6.1 Introduction 11
6.2 The nature of the cyberspace 12
6.3 The nature of the cybersecurity 12
6.4 General model 14
6.5 Approach 16
7 Stakeholders in the cyberspace 17
7.1 Overview 17
7.2 Consumers 17
7.3 Providers 17
8 Assets in the cyberspace 18
8.1 Overview 18
8.2 Personal assets 18
8.3 Organizational assets 19
9 Threats against the security of the cyberspace 19
9.1 Threats 19
9.2 Threat agents 20
9.3 Vulnerabilities 20
9.4 Attack mechanisms 20
10 Roles of stakeholders in cybersecurity 23
10.1 Overview 23
10.2 Roles of consumers 23
10.3 Roles of providers 25
11 Guidelines for stakeholders 25
11.1 Overview 25
11.2 Risk assessment and treatment 26
11.3 Guidelines for consumers 27
11.4 Guidelines for organization and service providers 29
12 Cybersecurity controls 33
12.1 Overview 33
12.2 Application level controls 33
12.3 Server protection 34
12.4 End user controls 34
12.5 Controls against social engineering attacks 36
12.6 Cybersecurity readiness 36
12.7 Other controls 39
13 Framework of information sharing and coordination 39
13.1 General 39
13.2 Policies 39
13.3 Methods and processes 41
13.4 People and organizations 42
13.5 Technical 43
13.6 Implementation guidance 44
Annex A (Informative) Cybersecurity readiness 46
Annex B (Informative) Additional resources 50
Annex C (Informative) Examples of related documents 53
Bibliography 57

Additional information

Format: PDF, Hardcopy