ISO 27002, NIST and the Cybersecurity Framework
Answer: All these references provide guidance on the implementation of security controls. ISO 27002 provides guidance on the controls from Annex A of the ISO 27001 standard. NIST Special Publications from the 800 series (SP-800) provide a series of documents with more detailed recommendations both on implementation of controls (e.g., cryptography, access control, etc.) and on implementation of a risk management framework. The Cybersecurity Framework is kind of a specific application of NIST documents related to the cyber environment.
These articles will provide you with further explanation about these documents:
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
- How to use the NIST SP800 series of standards for ISO 27001 implementation https://advisera.com/27001academy/blog/2016/05/02/how-to-use-the-nist-sp800-series-of-standards-for-iso-27001-implementation/
- How to use NIST SP 800-53 for the implementation of ISO 27001 controls https://advisera.com/27001academy/blog/2016/05/10/how-to-use-nist-sp-800-53-for-the-implementation-of-iso-27001-controls/
- Which one to go with – Cybersecurity Framework or ISO 27001? https://advisera.com/27001academy/blog/2014/02/24/which-one-to-go-with-cybersecurity-framework-or-iso-27001/
Sep 02, 2017