Skip to content
Home

Publication Type

In cybersecurity, there are different types of documents that together structure governance and compliance: laws and regulations (e.g., binding legal texts such as the EU’s General Data Protection Regulation) impose mandatory requirements and sanctions; contractual obligations translate security expectations into enforceable commitments between parties (such as security clauses in supplier agreements); standards (like ISO/IEC 27001) define certifiable best practices; frameworks (for example, the NIST Cybersecurity Framework) provide structured guidance to assess and improve security posture; guidelines offer non-binding recommendations and practical interpretation; and tools support implementation through technical or methodological means (e.g., risk assessment or vulnerability scanning tools). Together, these instruments differ in legal force, level of prescriptiveness, and operational purpose, but collectively shape an organization’s cybersecurity posture.

NIST SP 800-55 Vol. 2 Measurement Guide for Information Security: Volume 2 — Developing an Information Security Measurement Program

The NIST Special Publication 800-55, Volume 2, titled “Measurement Guide for Information Security,” provides a flexible methodology and workflow for developing an information security measurement program. It is designed to… Read More »NIST SP 800-55 Vol. 2 Measurement Guide for Information Security: Volume 2 — Developing an Information Security Measurement Program

NIST SP 800-55 Vol. 1 Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures

NIST Special Publication 800-55 Volume 1, titled “Measurement Guide for Information Security,” provides a flexible and comprehensive approach for developing, selecting, and prioritizing information security measures at the organizational, mission/business,… Read More »NIST SP 800-55 Vol. 1 Measurement Guide for Information Security: Volume 1 — Identifying and Selecting Measures

ISO/IEC 27004:2016 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation

ISO/IEC 27004 is an international standard that provides guidelines for monitoring, measuring, analyzing, and evaluating the performance and effectiveness of an Information Security Management System (ISMS) based on ISO/IEC 27001.… Read More »ISO/IEC 27004:2016 Information technology — Security techniques — Information security management — Monitoring, measurement, analysis and evaluation