CyberSecurity Comparison of PCI DSS NERC-CIP & SANS TOP 20 CSC

Published in: Business

  1. This information has been shared freely by Mark E.S. Bernard. If you find it useful, please acknowledge this contribution. If you would like additional information or assistance with the customization and implementation of a balanced risk management process for your security program, please contact Mark at 604-349-6557 or mesbernard@gmail.com. This document compares the CyberSecurity Framework ISO/IEC 27001 to other information security frameworks: PCI DSS, NERC-CIP & SANS TOP 20 CSC. These frameworks specialize in cardholder information protection, critical electrical infrastructure protection and CyberSecurity. The following matrix compares these frameworks to the more mature, internationally accepted ISO/IEC 27001, and it is obvious to see the opportunities for improvement or wholesale adoption. ISO/IEC 27001 only represents the minimum standard for effective information security programs. Based on a risk assessment, it is possible to increase the level of security where it is justifiable, building on this base. Management System Not Evident: "Huge" GAP. GAPs are evident within the integrated control frameworks. Some risk areas are weak while others are completely missing.
