CHAPTER 28: BASELINE
If Cyber Essentials does not go far enough, or if you are looking for something recognised outside the UK, then your next stop will almost certainly be the NIST CSF (see 28.1) or ISO 27001 (see 28.2). Both form a good baseline for starting to develop a solid cyber security framework.
28.1 NIST CSF
The NIST CSF offers a straightforward yet flexible framework. The Framework can help organisations establish a new cyber security programme or improve existing practices, and can be implemented alongside other frameworks such as ISO 27001 (see 28.2). Combining a standard you can certify against with the NIST CSF can be a good idea, as the latter lacks a certification pathway but is intended to be highly tailorable.
There are three ...
Get The Cyber Security Handbook – Prepare for, respond to and recover from cyber attacks now with the O’Reilly learning platform.