IT sector-specific standards represent worldwide initiatives for improving IT and computer security. They were usually developed by specialists from the IT sector for use within the IT sector.

They are very robust IT security frameworks with a strong IT approach, and applying their specifications appropriately requires experts with comprehensive knowledge and specific experience.

Because of their specifics, maintaining the frameworks represents a great challenge for the organisation, particularly in terms of overly IT-specific detail, communication misunderstandings and the well-known Business-IT gap.

Certification of compliance, performed by an independent and objective certification body, helps an organisation to verify existing security practices and build a clearer understanding of the existing cybersecurity setup. Most of the IT-specific standards have some form of accredited certification scheme, but with this service, the organisation gets a sort of ‘second opinion’ or an ‘alternative view’ on cybersecurity arrangements.

IT-specific certifications:

NIST (SP 800, SP 1800)
Control Objectives for Information and Related Technologies
TickIT Plus

SW-specific certifications:

Software life cycle processes