Cybersecurity Compliance Frameworks- a pragmatic view with an IT outsourcing company case study
DOI: https://doi.org/10.69971/sl.1.1.2024.6
Keywords: NIST Cyber security framework, NIS, GDPR, Cyberfox, critical evaluation, ISO 27004, ISO 27005, ISO 27006, ISO 27014
Abstract
This paper applies the theoretical base drawn from the standards and rules set by various international bodies on information security to a practical case. It first defines which security framework is applied in practice at a UK-based IT outsourcing company named Cyberfox. The relevant laws of the land are then analyzed, namely NIS (The Network and Information Systems Regulations 2018) and GDPR (General Data Protection Regulation). On that basis, the paper attempts to fit a cyber security framework to Cyberfox. The first half of the paper carefully analyzes and critically evaluates the pros and cons of such a company's framework and discusses whether it is a workable model. The second half details the NIST (National Institute of Standards & Technology) cyber security framework and the International Organization for Standardization protocols with respect to four specific standards: Information Security Management Systems (ISMS) measurement (ISO 27004), Information security risk management (ISO 27005), Requirements of bodies providing audit services (ISO 27006) and Governance of Information Security (ISO 27014). All four are studied for their merits and demerits for practical purposes.
Copyright (c) 2024 Authors
This work is licensed under a Creative Commons Attribution 4.0 International License.