IT sector-specific standards represent worldwide initiatives for improving IT and computer security. They were usually developed by specialists from the IT sector for the purposes of the IT sector.

They are very robust IT security frameworks with a strong IT approach, and they require comprehensive knowledge and specific experience from experts to deal with the frameworks' specifications properly.

Because of their specifics, maintaining the frameworks represents a great challenge for the organization, particularly in terms of IT over-specificity, communication misunderstandings and the well-known Business-IT gap.

Certification of compliance, performed by an independent and objective certification body, helps an organization to verify existing security practices and build a clearer understanding of its existing cybersecurity setup. Most of the IT-specific standards have some form of accredited certification scheme, but with this service the organization gets a sort of ‘second opinion’ or ‘alternative view’ on its cybersecurity arrangements.

IT-specific certifications:

NIST (SP 800, SP 1800)
Control Objectives for Information and Related Technologies
TickIT Plus

SW-specific certifications:

Software life cycle processes