Cybersecurity Standards: Why Organizations Should Care
In an era where data is a valuable asset, having cybersecurity standards in place not only helps protect against risk but is also what your customers and business partners expect from your organization.
Commonly used standards
• ISO/IEC 27001: Information Security Management System (ISMS) standard
• NIST Cybersecurity Framework (CSF): A US-based framework for cyber risk management
• PDPA: Thailand’s Personal Data Protection Act
• PCI-DSS: For organizations that accept credit card payments and must protect financial information
Reasons why standards should be followed
• Reduce the risk of attack
• Build customer confidence
• Comply with applicable laws
• Increase business competitiveness
Standards are not a burden, but a way to build security in a world full of cyber threats.
...
How to get started?
• Conduct a gap assessment against relevant standards
• Develop improvement plans and establish security policies
• Train employees to understand and comply
• Use consultants or internal teams to prepare for the audit