Preventing cyber crime and security breaches is vital for all organisations, but it can be challenging to know which cyber security measures to prioritise.
Benchmarking your security controls against an established standard is a good way of ensuring you are following best practice. However, with so many cyber security standards and frameworks to choose from, how do you know which best suits your needs?
This page provides an overview of some of the most popular cyber security standards available and their requirements.
10 steps to cyber security
The UK government published its 10 steps to cyber security in 2012, and the guidance is now used by the majority of FTSE 350 organisations.
The 10 steps provide a top-level understanding of cyber security, using broad descriptions and objectives, and set out high-level controls that most organisations can easily implement.
IT Governance offers a cyber security risk assessment service based on the framework.
Cyber Essentials
Cyber Essentials is a UK government scheme that sets out five basic security controls to protect organisations against around 80% of common cyber attacks.
The scheme’s certification process is designed to help organisations of any size demonstrate their commitment to cyber security while keeping the approach simple and the costs low.
Learn more about Cyber Essentials
Minimum Cyber Security Standard
The MCSS (Minimum Cyber Security Standard) is the first in a proposed series of technical standards to be developed by the UK government in collaboration with the NCSC (National Cyber Security Centre). It will be incorporated into the Government Functional Standard for Security when it is published.
The MCSS sets out a series of mandatory cyber resilience outcomes that all government departments must achieve to meet their obligations under the SPF (Security Policy Framework) and National Cyber Security Strategy.
The Standard can also be used by any other organisation to benchmark its cyber resilience efforts.
Learn more about the MCSS
PAS 555 supplies a holistic framework for effective cyber security. It not only considers the technical aspects but also the related physical, cultural and behavioural aspects of an organisation’s approach to addressing cyber threats. This includes effective leadership and governance.
The Standard applies to the whole organisation and its supply chain. This avoids the dangers that can arise when security measures fail to cover the whole of the business. It is an adaptable approach that can apply to any organisation, whatever its size or type, whether commercial, not-for-profit or public sector.
Learn more about PAS 555
ISO 27001 is the international standard that sets out the specification for an ISMS (information security management system).
Its best-practice approach helps organisations manage their information security by addressing people and processes as well as technology.
The Standard's Annex A (in the 2013 edition) lists 114 best-practice security controls, which are selected and applied according to the risks your organisation faces. These controls are then implemented within a broader management structure so that compliance can be externally assessed and certified.
Independently accredited certification to the Standard is recognised around the world as an indication that your ISMS is aligned with information security best practice.
Learn more about ISO 27001
ISO 27032 is the ISO 27000-series standard that provides guidance specifically on cyber security, as distinct from information security in general.
The Standard recognises the vectors that cyber attacks rely upon and includes guidelines for protecting your information beyond the borders of your organisation. This can include partnerships, collaborations or other information-sharing arrangements with clients and suppliers.
As part of the ISO 27000 series of information security standards, ISO 27032 can be integrated with your ISMS by reviewing and expanding your information security risk assessment and updating the policies, processes and training your organisation needs.
Learn more about ISO 27032
ISO 22301 provides a best-practice framework for implementing an optimised BCMS (business continuity management system). This enables organisations to minimise business disruption and continue operating in the event of an incident.
Learn more about ISO 22301
ISO 27031 encompasses ICT (information and communication technology) preparedness for business continuity. It provides a framework of methods and processes for developing an organisation's IRBC (ICT readiness for business continuity) programme.
Learn more about ISO 27031
The CSA (Cloud Security Alliance) CCM (Cloud Controls Matrix) is a set of controls designed to maximise information security for users of Cloud technologies. The matrix offers organisations a set of guidelines to help them maximise the security of their information without relying solely on the Cloud provider’s assurances.
Learn more about the CSA CCM
NIST CSF (Cybersecurity Framework)
The NIST CSF was designed to help organisations assess their current cyber security capabilities, identify gaps, and develop a prioritised plan for reaching the security posture they need. It is a voluntary, risk-based framework rather than a compliance standard in itself.
The framework is divided into three parts: the Core, Implementation Tiers and Profiles. The Core sets out desired security outcomes grouped into high-level functions, the Tiers characterise how rigorous and integrated an organisation's risk management practices are, and Profiles map the Core outcomes to the organisation's own objectives, risks and resources, giving a current-state and target-state view that drives the improvement plan.
Learn more about the NIST CSF
Discover our full range of cyber security standards
Browse cyber security standards in the leading UK and international cyber security standards bookstore.
Shop cyber security standards