OVERVIEW OF THE CIS BENCHMARKS USAGE FOR FULFILLING THE REQUIREMENTS FROM INTERNATIONAL STANDARD ISO/IEC 27001:2022-Reference-Cited by-同舟云学术

OVERVIEW OF THE CIS BENCHMARKS USAGE FOR FULFILLING THE REQUIREMENTS FROM INTERNATIONAL STANDARD ISO/IEC 27001:2022

Published:2024-06 Issue:1 Volume:6 Page:89-98
ISSN:2707-2371
Container-title:Computer systems and network
language:
Short-container-title:CSN

Author:

Kurii Y.,Opirskyy I.

Abstract

The problem of developing new methods and vectors of attacks on critical infrastructure and responding to emerging threats through the implementation of recognized standards in the field of information security such as ISO 27001 was considered. The updated edition of the international standard ISO/IEC 27001 of 2022 and in particular the main changes in the structure of controls were analyzed. A detailed analysis of the new security control from Appendix A - A.8.9 - Configuration Management was conducted. The study focuses on the Center for Internet Security (CIS) benchmarks as a resource to guide organizations in meeting the stringent requirements of ISO 27001:2022. Through the study of the CIS benchmarks this article shows how organizations can leverage these guidelines to achieve compliance improve their security posture and protect critical infrastructure from evolving threats. Key words: ISO/IEC 27001:2022 CIS benchmarks information security critical infrastructure security controls configuration management.

Publisher

Lviv Polytechnic National University

Reference16 articles.

1. (2022) ISO/IEC 27001: Information security, cybersecurity and privacy protection — Information security management systems — Requirements. URL: https://www.iso.org/standard/82875.html (Accessed: 15 March 2024).

2. (2013) ISO/IEC 27001: Information Technology — Security Techniques — Information Security Management Systems — Requirements. URL: https://www.iso.org/standard/54534.html (Accessed: 15 March 2024).

3. Susukailo V., Opirsky I., Yaremko O. (2022) Methodology of ISMS Establishment Against Modern Cybersecurity Threats. In: Klymash M., Beshley M., Luntovskyy A. (eds) Future Intent-Based Networking. Lecture Notes in Electrical Engineering, vol 831. Springer, Cham. DOI: 10.1007/978-3-030-92435-5_15.

4. Kurii Y. Opirskyy, I. (2021). Analysis and Comparison of the NIST SP 800-53 and ISO/IEC 27001:2013. Paper presented at the CEUR Workshop Proceedings, 3288, 21-32.

5. (2022) ISO/IEC 27002: Information security, cybersecurity and privacy protection - Information security controls. URL: https://www.iso.org/standard/75652.html (Accessed: 15 March 2024).