Practical Align Overview of the Main Frameworks Used by the Companies to Prevent Cyber Incidents

Rogério Yukio Iwashita, Luiz Camolesi Júnior
Published in: Handbook of Research on Cyber Crime and Information Privacy. DOI: 10.4018/978-1-7998-5728-0.ch024 (https://doi.org/10.4018/978-1-7998-5728-0.ch024)

Abstract

Among the biggest challenges in cybercrime and information security is that information security professionals must stay up to date with new risks, cases, and different methods of attack. Staying up to date in this complex and aggressive scenario is a huge challenge, and it is a necessity for security professionals fighting cybercriminals. Additionally, based on this standard of requisites for starting an information security program, an immature professional may be confused by the different frameworks used by industry, mainly the ISO/IEC 27000 family, NIST 800-53, the NIST Cybersecurity Framework, COBIT, etc. This chapter will help the information security professional decide where it is important to focus efforts, what is feasible, and which controls do not demand any additional investment. Additionally, this grade helps InfoSec professionals compare information security maturity levels within a company and between companies, and against benchmarks.