{"title":"为满足国际标准 ISO/IEC 27001:2022 的要求而使用的 CIS 基准概述","authors":"Y. Kurii, I. Opirskyy","doi":"10.23939/csn2024.01.089","DOIUrl":null,"url":null,"abstract":"The problem of developing new methods and vectors of attacks on critical infrastructure and responding to emerging threats through the implementation of recognized standards in the field of information security such as ISO 27001 was considered. The updated edition of the international standard ISO/IEC 27001 of 2022 and in particular the main changes in the structure of controls were analyzed. A detailed analysis of the new security control from Appendix A - A.8.9 - Configuration Management was conducted. The study focuses on the Center for Internet Security (CIS) benchmarks as a resource to guide organizations in meeting the stringent requirements of ISO 27001:2022. Through the study of the CIS benchmarks this article shows how organizations can leverage these guidelines to achieve compliance improve their security posture and protect critical infrastructure from evolving threats. Key words: ISO/IEC 27001:2022 CIS benchmarks information security critical infrastructure security controls configuration management.","PeriodicalId":504130,"journal":{"name":"Computer systems and network","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"OVERVIEW OF THE CIS BENCHMARKS USAGE FOR FULFILLING THE REQUIREMENTS FROM INTERNATIONAL STANDARD ISO/IEC 27001:2022\",\"authors\":\"Y. Kurii, I. Opirskyy\",\"doi\":\"10.23939/csn2024.01.089\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The problem of developing new methods and vectors of attacks on critical infrastructure and responding to emerging threats through the implementation of recognized standards in the field of information security such as ISO 27001 was considered. The updated edition of the international standard ISO/IEC 27001 of 2022 and in particular the main changes in the structure of controls were analyzed. A detailed analysis of the new security control from Appendix A - A.8.9 - Configuration Management was conducted. The study focuses on the Center for Internet Security (CIS) benchmarks as a resource to guide organizations in meeting the stringent requirements of ISO 27001:2022. Through the study of the CIS benchmarks this article shows how organizations can leverage these guidelines to achieve compliance improve their security posture and protect critical infrastructure from evolving threats. Key words: ISO/IEC 27001:2022 CIS benchmarks information security critical infrastructure security controls configuration management.\",\"PeriodicalId\":504130,\"journal\":{\"name\":\"Computer systems and network\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer systems and network\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23939/csn2024.01.089\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer systems and network","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23939/csn2024.01.089","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0
摘要
通过实施信息安全领域的公认标准(如 ISO 27001),审议了开发攻击关键基础设施的新方法和新载体以及应对新威胁的问题。分析了 2022 年国际标准 ISO/IEC 27001 的更新版本,特别是控制结构的主要变化。对附录 A - A.8.9 - 配置管理中的新安全控制进行了详细分析。研究重点是将互联网安全中心(CIS)基准作为指导组织满足 ISO 27001:2022 严格要求的资源。通过对 CIS 基准的研究,本文展示了组织如何利用这些准则来实现合规性,改善其安全态势并保护关键基础设施免受不断变化的威胁。关键字ISO/IEC 27001:2022 CIS 基准 信息安全 关键基础设施 安全控制 配置管理。
OVERVIEW OF THE CIS BENCHMARKS USAGE FOR FULFILLING THE REQUIREMENTS FROM INTERNATIONAL STANDARD ISO/IEC 27001:2022
The problem of developing new methods and vectors of attacks on critical infrastructure and responding to emerging threats through the implementation of recognized standards in the field of information security such as ISO 27001 was considered. The updated edition of the international standard ISO/IEC 27001 of 2022 and in particular the main changes in the structure of controls were analyzed. A detailed analysis of the new security control from Appendix A - A.8.9 - Configuration Management was conducted. The study focuses on the Center for Internet Security (CIS) benchmarks as a resource to guide organizations in meeting the stringent requirements of ISO 27001:2022. Through the study of the CIS benchmarks this article shows how organizations can leverage these guidelines to achieve compliance improve their security posture and protect critical infrastructure from evolving threats. Key words: ISO/IEC 27001:2022 CIS benchmarks information security critical infrastructure security controls configuration management.