An Overview of Information and Cyber Security Standards

Abstract

Advances in digitalization, particularly those regarding cyber-physical systems (CPS) have stimulated the adoption of digital capabilities such as Industrial IoT, machine learning, cloud services, and the use of digital twins. The increased digital sophistication of CPS is not without risk, particularly regarding the potential for information/cyber security incidents. Whilst the need for security of enterprise information security is not new, A significant challenge is understanding what security standards may be available and applicable when developing security controls and technical measures to protect CPS. This paper explores what research is available regarding the choice and comparison of information/cyber security standards. It provides a snapshot of the security standards landscape at the start of 2024. Issues relating to development and adoption of security standards are examined, illustrated using inconsistencies in language regarding three key terms: availability, integrity, and confidentiality.