1 /
Cyber Defense and Counter measures – C842
1.ISO/IEC 27001:2013: Requirements for establishing, implementing,
maintain- ing and continually improving an information security
management system
2.ISO/IEC 27002: Guidelines for organizational information security
standards and information security management practices
3.ISO/IEC 27035: Defines recommendations and best practices for
developing an efficient incident management plan.
4.FIPS (Federal Information Processing Standards) 200: Defines
computer systems usage for the US federal government.
5.NIST Special Publication 800 Series: information regarding computer
security: best practices, guidelines, recommendations, technical
details, and annual reports of NIST’s cybersecurity activities.
6.NERC 1300 Cyber Security: Standard to reduce risks to the reliability
2 /
of bulk electric systems from any compromise of their critical cyber
assets
7.RFC 2196: Computer security policies and procedures for sites that
have sys- tems on the internet.
8.CIS Critical Security Controls: Actions that form a defense-in-depth
set of practices that mitigate common attacks against systems /
networks.
9.Sarbanes-Oxley Act (SOX): Protects investors and public by
increasing accu- racy / reliability of corporate disclosures
10.Health Insurance Portability and Accountability Act (HIPAA):
Protections for individually identifiable health information
11.Federal Information Security Management Act (FISMA): Framework for
ensuring effectiveness of InfoSec controls over information resources
that support federal operations and assets.
12.Gramm-Leach-Bliley Act (GLBA): Financial companies required to
explain information-sharing practices to customers & safeguard
sensitive data
13.Data Protection Act 2018: Provisions for GDPR