为满足国际标准 ISO/IEC 27001:2022 的要求而使用的 CIS 基准概述

Y. Kurii, I. Opirskyy
{"title":"为满足国际标准 ISO/IEC 27001:2022 的要求而使用的 CIS 基准概述","authors":"Y. Kurii, I. Opirskyy","doi":"10.23939/csn2024.01.089","DOIUrl":null,"url":null,"abstract":"The problem of developing new methods and vectors of attacks on critical infrastructure and responding to emerging threats through the implementation of recognized standards in the field of information security such as ISO 27001 was considered. The updated edition of the international standard ISO/IEC 27001 of 2022 and in particular the main changes in the structure of controls were analyzed. A detailed analysis of the new security control from Appendix A - A.8.9 - Configuration Management was conducted. The study focuses on the Center for Internet Security (CIS) benchmarks as a resource to guide organizations in meeting the stringent requirements of ISO 27001:2022. Through the study of the CIS benchmarks this article shows how organizations can leverage these guidelines to achieve compliance improve their security posture and protect critical infrastructure from evolving threats. Key words: ISO/IEC 27001:2022 CIS benchmarks information security critical infrastructure security controls configuration management.","PeriodicalId":504130,"journal":{"name":"Computer systems and network","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2024-06-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"OVERVIEW OF THE CIS BENCHMARKS USAGE FOR FULFILLING THE REQUIREMENTS FROM INTERNATIONAL STANDARD ISO/IEC 27001:2022\",\"authors\":\"Y. Kurii, I. Opirskyy\",\"doi\":\"10.23939/csn2024.01.089\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The problem of developing new methods and vectors of attacks on critical infrastructure and responding to emerging threats through the implementation of recognized standards in the field of information security such as ISO 27001 was considered. The updated edition of the international standard ISO/IEC 27001 of 2022 and in particular the main changes in the structure of controls were analyzed. A detailed analysis of the new security control from Appendix A - A.8.9 - Configuration Management was conducted. The study focuses on the Center for Internet Security (CIS) benchmarks as a resource to guide organizations in meeting the stringent requirements of ISO 27001:2022. Through the study of the CIS benchmarks this article shows how organizations can leverage these guidelines to achieve compliance improve their security posture and protect critical infrastructure from evolving threats. Key words: ISO/IEC 27001:2022 CIS benchmarks information security critical infrastructure security controls configuration management.\",\"PeriodicalId\":504130,\"journal\":{\"name\":\"Computer systems and network\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-06-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer systems and network\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.23939/csn2024.01.089\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer systems and network","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.23939/csn2024.01.089","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

摘要

通过实施信息安全领域的公认标准(如 ISO 27001),审议了开发攻击关键基础设施的新方法和新载体以及应对新威胁的问题。分析了 2022 年国际标准 ISO/IEC 27001 的更新版本,特别是控制结构的主要变化。对附录 A - A.8.9 - 配置管理中的新安全控制进行了详细分析。研究重点是将互联网安全中心(CIS)基准作为指导组织满足 ISO 27001:2022 严格要求的资源。通过对 CIS 基准的研究,本文展示了组织如何利用这些准则来实现合规性,改善其安全态势并保护关键基础设施免受不断变化的威胁。关键字ISO/IEC 27001:2022 CIS 基准 信息安全 关键基础设施 安全控制 配置管理。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
OVERVIEW OF THE CIS BENCHMARKS USAGE FOR FULFILLING THE REQUIREMENTS FROM INTERNATIONAL STANDARD ISO/IEC 27001:2022
The problem of developing new methods and vectors of attacks on critical infrastructure and responding to emerging threats through the implementation of recognized standards in the field of information security such as ISO 27001 was considered. The updated edition of the international standard ISO/IEC 27001 of 2022 and in particular the main changes in the structure of controls were analyzed. A detailed analysis of the new security control from Appendix A - A.8.9 - Configuration Management was conducted. The study focuses on the Center for Internet Security (CIS) benchmarks as a resource to guide organizations in meeting the stringent requirements of ISO 27001:2022. Through the study of the CIS benchmarks this article shows how organizations can leverage these guidelines to achieve compliance improve their security posture and protect critical infrastructure from evolving threats. Key words: ISO/IEC 27001:2022 CIS benchmarks information security critical infrastructure security controls configuration management.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信