Cyber Security Management System

A Cyber Security Management System is a form of information security management system, particularly focussed on protecting automation and transport systems. The EU Cybersecurity Act, of 2019, led to the creation of UNECE working groups which developed the Cyber Security Management Systems (CSMS) concept (and also an approach for securing over-the-air updates of vehicle systems), which were formalised in UN Regulation 155.


Context

Security technologies, and threats, can evolve much more quickly than regulatory bodies; so the CSMS emphasises a system of technologies and processes which can adapt more quickly, without relying on a narrowly-defined list of technical controls in a standard. Consequently, the CSMS is intended to be technology-neutral, much like ISO 27001, unlike detailed technical security standards such as PCI DSS.


Framework


See also

* IEC 62443
* ISO/SAE 21434
* ISO/IEC 27001
* Cyber Essentials



Further reading


Draft Recommendation on Cyber Security of the Task Force on Cyber Security and Over-the-air issues of UNECE WP.29 GRVA