Table 1 Different frameworks of cybersecurity (Kostopoulos 2017)

From: Cybersecurity for eMaintenance in railway infrastructure: risks and consequences

Column 1: (ISC)2 Common Body of Knowledge (10 security domains)

1. Access control
2. Telecommunications and network security
3. Information security governance and risk management
4. Software development security
5. Cryptography
6. Security architecture and design
7. Security operations
8. Business continuity and disaster recovery planning
9. Legal, regulations, investigations and compliance
10. Physical (environmental) security

Column 2: ISO 27001/27002:2013 (114 controls in 14 domains)

1. Information security policies
2. Organization of information security
3. Human resources security
4. Asset management
5. Access control
6. Cryptography
7. Physical and environmental security
8. Operations security
9. Communications security
10. System acquisition, development, and maintenance
11. Supplier relationships
12. Information security incident management
13. Information security aspects of business continuity management
14. Compliance

Column 3: NIST SP 800-53 Rev. 4 (224 controls in 18 families)

1. Access control
2. Awareness and training
3. Audit and accountability
4. Security assessment and authorization
5. Configuration management
6. Contingency planning
7. Identification and authentication
8. Incident response
9. Maintenance
10. Media protection
11. Physical and environmental protection
12. Planning
13. Personnel security
14. Risk assessment
15. System and services acquisition
16. System and communications protection
17. System and information integrity
18. Program management

Column 4: Council on Cyber Security Critical Security Controls (20 controls)

1. Inventory of devices
2. Inventory of software
3. Secure configurations for computers
4. Continuous vulnerability assessment and remediation
5. Malware defenses
6. Application software security
7. Wireless device control
8. Data recovery capability
9. Security skills assessment and training
10. Security configurations for network devices
11. Network ports, protocols and services
12. Control of administrative privileges
13. Boundary defense
14. Security audit logs
15. Need-to-know access control
16. Account monitoring and control
17. Data loss prevention
18. Incident response capability
19. Secure network engineering
20. Penetration testing and red team exercises