I ask this under the context of professional development and not necessarily a compliance/regulatory perspective.
What particular ISO standard, NIST SP, or anything similar would you as a professional consider a baseline for "must-have" knowledge regardless if you were just starting out or a senior-level person?
While I find it unlikely most people (as individuals) would be willing to dish out cash for all the numerous (albeit useful) standards and the like, I'm curious if there's something out there most people consider equivalent to the ten commandments but for cyber/infosec.
@AppDefects I agree, but with the creation of the ISO/IEC 27701 as an extension to 27001, then at least these two by default.
"ISO/IEC 27701* is a privacy extension to ISO/IEC 27001 Information Security Management and ISO/IEC 27002 Security Controls. An international management system standard, it provides guidance on the protection of privacy, including how organizations should manage personal information, and assists in demonstrating compliance with privacy regulations around the world."
Regards
Caute_cautim
Of the 27K series; 27001, 27002, 27005 and 27035 are all worth reading.
@non-expert wrote:....
What particular ISO standard, NIST SP, or anything similar would you as a professional consider a baseline for "must-have" knowledge regardless if you were just starting out or a senior-level person?
...
Bryan,
Lurking in all of the replies so far is the kernel to understand: both sets of standards, from ISO/IEC and NIST, are based on families of standards, not stand-alone publications. If you choose to follow the NIST SPs you must become familiar with the entire set of Risk Management Framework (RMF) SPs to include SP 800-37, -53A, -160, and others. If you choose to follow the ISO/IEC standards, reading 27001 will show you that you need to accumulate the full set of standards under that umbrella.
You mentioned cost. All of the NIST publications are completely free, while the ISO/IEC standards are a mix of free and very costly. The copyright restrictions on the ISO/IEC standards are such that for the ones with a price, that buys you ONLY ONE COPY, and disallows sharing digital copies, even within your organization.
Good luck! And you asked a great question. Thank you.
Craig