CyberSecurity Comparison of PCI DSS NERC-CIP & SANS TOP 20 CSC
This information has been shared freely by Mark E.S. Bernard. If you find it useful please acknowledge this contribution.
If you would like additional information or assistance with the customization and implementation of a balanced risk
management process for your security program then please contact Mark @ 604-349-6557 or firstname.lastname@example.org
This document compares the CyberSecurity Framework ISO/IEC 27001 to other information security
frameworks: PCI DSS, NERC-CIP & SANS TOP 20 CSC. These frameworks specialize in cardholder
information protection, critical electrical infrastructure protection and CyberSecurity respectively. The following
matrix compares these frameworks to the more mature, internationally accepted ISO/IEC 27001, and it is
obvious to see the opportunities for improvement or wholesale adoption. ISO/IEC 27001 only
represents the minimum standard for an effective information security program. Based on a risk
assessment, it is possible to increase the level of security where it is justifiable, building on this base.