Preventing cyber crime and security breaches is vital for all organisations, but it can be challenging to know which cyber security measures to prioritise.
Benchmarking your security controls against an established standard is a good way of ensuring you are following best practice. However, with so many cyber security standards and frameworks to choose from, how do you know which best suits your needs?
This page provides an overview of some of the most popular cyber security standards available and their requirements.
10 steps to cyber security
The UK government published its 10 steps to cyber security in 2012, which is now used by the majority of FTSE 350 organisations.
The ten steps provide a top-level understanding of cyber security, using broad descriptions and objectives, and set out high-level controls that most organisations can easily implement.
IT Governance offers a cyber security risk assessment service based on this framework.
Minimise cyber security vulnerability in your organisation
Cyber Essentials
Cyber Essentials is a UK government scheme that helps organisations protect themselves against the most common cyber attacks by showing them how to implement basic security controls. Cyber Essentials is a good first step towards demonstrating that your organisation takes cyber security seriously.
The scheme’s certification process is designed to help organisations of any size prove their commitment to cyber security while keeping the approach simple and the costs low.
Cyber Essentials covers five key areas of cyber security:
- Boundary firewalls and Internet gateways
- Secure configuration
- User access control
- Malware protection
- Patch management
Learn more about Cyber Essentials
Minimum Cyber Security Standard
The MCSS (Minimum Cyber Security Standard) sets out a series of mandatory cyber resilience outcomes that all government departments must achieve to meet their obligations under the Security Policy Framework and National Cyber Security Strategy.
The Standard can also be used by any other organisation to benchmark its cyber resilience efforts.
Learn more about the MCSS
PAS 555
PAS 555 supplies a holistic framework for effective cyber security. It not only considers the technical aspects but also the related physical, cultural and behavioural aspects of an organisation’s approach to addressing cyber threats. This includes effective leadership and governance.
The Standard applies to the whole organisation and its supply chain. This avoids the dangers that can arise when security measures fail to cover the whole of the business. It is an adaptable approach that can apply to any organisation, whatever its size or type, whether commercial, not-for-profit or public sector.
Learn more about PAS 555
ISO/IEC 27001:2013
ISO 27001 is the international standard that sets out the specification for an ISMS (information security management system).
Its best-practice approach helps organisations manage their information security by addressing people, processes and technology.
The Standard offers a set of 114 best-practice security controls that can be applied based on the risks you face. These controls are then implemented as part of a broad organisational structure to achieve externally assessed and certified compliance.
Independently accredited certification to the Standard is recognised around the world as an indication that your ISMS is aligned with information security best practice.
Learn more about ISO 27001
ISO/IEC 27032
ISO 27032 is an international standard for cyber security. It provides guidance for organisations on how to manage cyber security risks and implement security controls. The Standard is based on a risk management framework and includes guidance on topics such as threat intelligence, incident response and security awareness.
As part of the ISO 27000 series of information security standards, ISO 27032 can be integrated with your ISMS by reviewing and expanding your information security risk assessment and updating the policies, processes and training your organisation needs.
ISO 22301:2019
ISO 22301 is an international standard that specifies the requirements for a management system designed to protect an organisation from potential disruptions, such as power outages, IT failures and natural disasters. The Standard can be applied to any organisation, regardless of size or industry.
Learn more about ISO 22301
ISO/IEC 27031:2011
ISO 27031 encompasses ICT (information and communication technology) preparedness for business continuity. It provides a framework of methods and processes for developing an organisation’s ICT readiness for business continuity programme.
Learn more about ISO 27031
CSA CCM
The CSA (Cloud Security Alliance) CCM (Cloud Controls Matrix) is a set of controls designed to maximise information security for users of Cloud technologies. The CCM offers organisations a set of guidelines to help them maximise the security of their information without relying solely on the Cloud provider’s assurances.
Learn more about the CSA CCM
NIST CSF (Cybersecurity Framework)
The NIST CSF is a set of voluntary standards and best practices for cybersecurity risk management. The framework helps organisations manage and protect their information systems from cyber threats. It is designed to be used by all types of organisations, from small businesses to large enterprises.
The framework is divided into three parts: the Core, Implementation Tiers and Profiles. These elements coordinate the security controls and the organisation’s approach to implementing them.
Learn more about the NIST CSF
Discover our full range of cyber security standards
Browse cyber security standards in the leading UK and international cyber security standards store.
Shop cyber security standards
Speak to an expert
Please contact our team for advice and guidance on our products and services.