ISO 27001, NIST CSF and NERC CIP
I am thinking about whether I can approach cybersecurity within a risk management framework: from a risk management strategy to identify and assess the risk, to building a cybersecurity program and security assurance architecture, to mitigating the risk through a cybersecurity plan with security controls from ISO 27001 Annex A mapped against the control categories in NIST CSF, which in turn comply with NERC CIP-002 to CIP-009.
Answer: We're not experts in NERC CIP, but it seems that it is possible to combine these three frameworks. The following material will give you an overview of how to integrate ISO 27001 and NIST CSF:
- Which one to go with – Cybersecurity Framework or ISO 27001? https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/
- How to implement the NIST Cyber Security Framework using ISO 27001 https://info.advisera.com/27001academy/free-download/how-to-implement-nist-cyber-security-framework-using-iso-27001
Since the correlation between NIST CSF and NERC CIP has already been mapped, integrating the three would follow the same logic.
May 09, 2018