ISO 27001 vs NIST, CIS and Common Criteria

Guest user Created:   May 15, 2016 Last commented:   May 15, 2016


How does ISO 27001 compare (differences, advantages and limitations) to other frameworks such as NIST CSF, CIS Critical Controls and Common Criteria? And how does an organisation decide which framework is suitable for it?
Antonio Jose Segovia May 15, 2016

Answer:
The main difference between ISO 27001 and other standards (like the NIST series and the CIS Critical Controls) is that after implementing the standard, you can have it certified by a third party, which gives a warranty that you are compliant with an international standard. You cannot certify against the NIST series and/or the CIS Critical Controls in the same way. Regarding Common Criteria, it is also an ISO standard (ISO 15408), although ISO 27001 is related to the certification of companies, while Common Criteria (ISO 15408) is related to the certification of products.

Regarding the advantages, being certified on ISO 27001 means that you have a certificate signed by a certification body, and this entity audits your company every year to check whether your company is compliant with the standard, which can help your business to improve continually.

Regarding limitations, from my point of view, ISO 27001 is only a standard that defines requirements (it tells you what you need to do), but it does not tell you how to do it, so generally you need other standards or best practices (ISO 27002, ISO 27799, etc.) for the implementation of ISO 27001.

The decision should be made depending on the needs of the business. I mean, if the business needs a certificate signed by a third party to show its customers that it is compliant with an international standard related to information security, the best standard is ISO 27001. If not, the company should decide on the best standard depending on its needs and the benefits of each standard.

If you want to learn more about ISO 27001, our online course “ISO ” can be useful for you: https://advisera.com/training/iso-27001-foundations-course/
