Cybersecurity experts are (essentially) tasked to protect information with need-to-know attributes. As the digital world has expanded to a global scale, this often touches data and/or assets in jurisdictions other than the United States. While cybersecurity experts must find creative ways of protecting information, they must also adhere to industry standards in order to remain compliant themselves. Research and discuss at least two international standards, laws, rules, or regulations that require cybersecurity expert compliance.
Background
There is a need to understand what the requirements of international standards are.
There are two important terms: de facto and de jure.
De facto means that the way the concerned operation is performed is true in fact, but is not officially approved.
De jure means that the way the concerned operation is performed is in accordance with law (i.e. it is officially approved).
So, in the real world, both approaches are being used.
But, in the case of cyber security/cyber laws, the standards should have the support of law.
1.
There are two organizations working together to provide the standards for information security at the global level.
a) International Organization for Standardization (ISO)
b) International Electrotechnical Commission (IEC)
The above combination (ISO+IEC) comprises several national bodies.
These bodies participate in the development of international standards and consult the technical committees to establish the international standards.
The information security management system focuses on the confidentiality, integrity and availability of information by applying a risk management process.
The standard follows the Plan-Do-Check-Act (PDCA) model.
Plan: establish the ISMS policies/objectives as per the requirements of risk management.
Do: focuses on the implementation and operation of the ISMS policies.
Check: assess/measure/review the performance of the process against policy.
Act: take corrective and preventive actions based on the feedback of the internal ISMS audit.
2.
Information Systems Audit and Control Association (ISACA). This organization provides certification for professionals.
Code of Professional Ethics set by ISACA
a) Professionals should perform their duties with objectivity, diligence and professional care, according to professional standards.
b) Professionals should maintain competency in their respective domains, and they should take on only those tasks they can complete with the necessary skills, knowledge and competence/experience.
c) Maintain the privacy/confidentiality of data/information obtained in the course of performing their duties.
Other
IS Audit and Assurance Standards are applied to professionals who are involved in IS audit and assurance activities and are engaged in providing assurance over components of IS systems, applications and infrastructure. These standards, guidelines, and IS audit and assurance procedures are also useful for the users of IS audit and assurance reports.