Frameworks & Standards
We use the following accepted frameworks and standards as a baseline for cybersecurity reviews, tailored to client-specific considerations.
The ISO/IEC 27000 family of international standards provides a set of best practices to help organizations improve their information security.
ISO/IEC 27001 specifies the requirements for an information security management system (ISMS) and is the standard organizations are certified against.
ISO/IEC 27002 provides implementation guidance for the information security controls that organizations may choose to apply within their ISMS.
ISO/IEC 27017 provides cloud-specific security controls for cloud service providers and their customers, and ISO/IEC 27018 covers the protection of personally identifiable information (PII) processed in public clouds.
ISO/IEC 27701 extends ISO/IEC 27001 and 27002 with the requirements and guidance for implementing a Privacy Information Management System (PIMS).
NIST SP 800-53 rev.4
Although written for U.S. federal government information systems, the NIST SP 800-53 catalog of security and privacy controls can be applied in any industry and should not be overlooked by companies building an information security program. Note that Revision 4 has since been superseded by Revision 5 (2020).
The NIST Cybersecurity Framework (CSF) focuses on risk analysis and risk management. Its security outcomes are organized into five core Functions: Identify, Protect, Detect, Respond and Recover. (CSF 2.0, released in 2024, adds a sixth Function, Govern.)
This framework does not address risk analysis or risk management in the way the NIST CSF does; it focuses solely on hardening technical infrastructure to reduce risk and increase resilience.
The OWASP Application Security Verification Standard (ASVS) provides a basis for testing an application's technical security controls, as well as the technical controls in its environment that the application relies on, against vulnerabilities such as cross-site scripting (XSS) and SQL injection. Its verification requirements, organized into three levels of increasing rigour, can be used to establish a defined level of confidence in the security of web applications.