// THREAT DETECTION AND DATA PRIVACY TERM

Security Standard

A security standard is a documented set of requirements, controls, and best practices that an organization must follow to protect its information systems and data from various threats. It establishes a minimum baseline for an acceptable security posture.


TECHNICAL DEFINITION

A security standard defines authoritative guidelines, controls, and policies for information security and data protection within an organization. It is a foundational component for establishing a robust cybersecurity posture, achieving regulatory compliance, and mitigating cyber risk by ensuring the confidentiality, integrity, and availability of digital assets.

BACKGROUND

Computer security is a subdiscipline within the field of information security. It focuses on protecting computer software, systems, and networks from threats that can lead to unauthorized information disclosure, theft, or damage to hardware, software, or data, as well as to the disruption or misdirection of the services they provide.


SYNONYMS & ALIASES

  • Security Framework
  • Cybersecurity Standard
  • InfoSec Standard
  • IT Security Standard
  • Compliance Standard
  • Security Guidelines

USAGE NOTE

Organizations adopt security standards to ensure consistent application of security controls, facilitate audits, and demonstrate adherence to regulatory requirements and industry best practices.

DEVELOPERS

Organizations that develop and maintain security standards, frameworks, and related guidance.

  • National Institute of Standards and Technology (NIST)

    A U.S. government agency that develops cybersecurity standards, guidelines, and frameworks (such as the NIST Cybersecurity Framework and SP 800 series) to protect information and information systems.

  • International Organization for Standardization (ISO)

    A global body that develops international standards across various industries, including information security management systems (e.g., ISO/IEC 27001).

  • Payment Card Industry Security Standards Council (PCI SSC)

    An organization responsible for managing the Payment Card Industry Data Security Standard (PCI DSS), which sets requirements for organizations handling branded credit cards.

  • Center for Internet Security (CIS)

    A non-profit organization that develops and promotes best practices and standards, including the CIS Controls and CIS Benchmarks, to help organizations improve their cybersecurity posture.

  • Open Web Application Security Project (OWASP)

    A non-profit foundation focused on improving software security. It produces widely recognized standards and resources like the OWASP Top 10 and various application security testing guides.

  • Cloud Security Alliance (CSA)

    A not-for-profit organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, including the Cloud Controls Matrix (CCM).

  • MITRE Corporation

    A not-for-profit organization that operates federally funded research and development centers, known for developing widely adopted frameworks like MITRE ATT&CK and D3FEND, which serve as cybersecurity standards.
