Abstract

Cybersecurity standards on a global scale are exhaustive, appealing to several types, such as glossaries, guidelines, methods, and objectives (e.g., Information Technology evaluation, requirement identification, risk management, and technical specifications). This chaotic range of standards towards the rapid pace of technological and threat evolution hinders stakeholders (e.g., security architects/developers, policymakers, testers, and auditors) from discovering which standards best meet their security needs. The paper analyzes this challenge and contributes to harmonizing standards by identifying relationships between the EU regulation and prominent cybersecurity standards. The current work develops a taxonomy that classifies cybersecurity standards according to their objective, usage, and sector, aiming to help stakeholders understand their purpose and decide which they should adopt to cover their organizational needs. The taxonomy is represented in a semantic ontology, following the Web Ontology Language Edition 2 knowledge engineering approach. A realistic scenario is described to illustrate the applicability of the taxonomy.

Full Text
Published version (Free)

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
IT Governance and the Maturity of IT Risk Management Practices
Julia L Higgs ... Robert E Pinsker
Journal of Information Systems | VOL. 31
Julia L Higgs, et. al.Julia L Higgs ... Robert E Pinsker
01 Dec 2015
A Study of Information Technology Risk Management of Government and Business Organizations in Thailand using COSO-ERM based on the COBIT 5 Framework
Sakchai Tangprasert
The Journal of Applied Science | VOL. 19
Sakchai TangprasertSakchai Tangprasert
29 Jun 2020
Electronic Health Record in Hospitals: A Theoretical Framework for Collaborative Lifecycle Risk Management
Journal of Healthcare Communications | VOL. 1
01 Jan 2015
TOPM: a formal approach to the optimization of information technology risk management
Karin P Badenhorst ... Jan H.P Eloff
Computers & Security | VOL. 13
Karin P Badenhorst, et. al.Karin P Badenhorst ... Jan H.P Eloff
01 Jan 1993
View more papers

More From: Journal of Surveillance, Security and Safety

Paper Title
Journal
Date
Author
Crafting organizational security policies for critical infrastructures: an architectural approach
Tanja Pavleska ... Helder Aranha
Journal of Surveillance, Security and Safety | VOL. 5
Tanja Pavleska, et. al.Tanja Pavleska ... Helder Aranha
06 May 2024
A taxonomy for cybersecurity standards
Eleni-Maria Kalogeraki ... Nineta Polemi
Journal of Surveillance, Security and Safety | VOL. 5
Eleni-Maria Kalogeraki, et. al.Eleni-Maria Kalogeraki ... Nineta Polemi
28 Apr 2024
TENNER: intrusion detection models for industrial networks based on ensemble learning
Nicole Do Vale Dalarmelina ... Geraldo Pereira Rocha Filho
Journal of Surveillance, Security and Safety | VOL. 5
Nicole Do Vale Dalarmelina, et. al.Nicole Do Vale Dalarmelina ... Geraldo Pereira Rocha Filho
20 Apr 2024
Improved differential fault analysis of Grain128-AEAD
Iftekhar Salam ... Tianyu Fang
Journal of Surveillance, Security and Safety | VOL. 5
Iftekhar Salam, et. al.Iftekhar Salam ... Tianyu Fang
30 Mar 2024
View more papers