Managing Risk in Information Systems, 3rd Edition

Standards and Guidelines for Compliance

Several standards and guidelines exist that can be used to assess and improve security. Most of these standards are optional. However, some are mandatory for certain sectors. For example, the PCI DSS is required for merchants using specific credit cards.

The standards and guidelines covered in this section include:

Payment Card Industry Data Security Standard (PCI DSS)
National Institute of Standards and Technology (NIST)
Generally Accepted Information Security Principles (GAISP)
Control Objectives for Information and Related Technology (COBIT)
International Organization for Standardization (ISO)
International Electrotechnical Commission (IEC)
Information Technology Infrastructure Library (ITIL)
Capability ...

Get Managing Risk in Information Systems, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Managing Risk in Information Systems, 3rd Edition by Darril Gibson, Andy Igonor

Standards and Guidelines for Compliance

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly