A Comparative Analysis of Industrial Cybersecurity Standards
University West, Department of Engineering Science, Division of Mathematics, Computer and Surveying Engineering.
Cybersecurity Product Compliance Group, Stockholm (SWE).
2023 (English). In: IEEE Access, E-ISSN 2169-3536, Vol. 11, p. 85315-85332. Article in journal (Refereed), Published.
Abstract [en]

Cybersecurity standards provide a structured approach to managing and assessing cybersecurity risks. They are the primary source for security requirements and controls used by organizations to reduce the likelihood and the impact of cybersecurity attacks. However, the large number of available cybersecurity standards and frameworks makes the selection of the right security standards for a specific system challenging. The absence of a comprehensive comparison of the overlap across these standards further increases the difficulty of the selection process. In situations where new business needs dictate complying with or implementing an additional security standard, there may be a risk of duplicating existing security requirements and controls between the standards, resulting in unnecessary added cost and workload. To optimize the performance and cost benefits of compliance efforts to standards, it is important to analyze cybersecurity standards and identify the overlapping security controls and requirements. In this work, we conduct a comparative study to identify possible overlaps and discrepancies between three security standards: ETSI EN 303 645 v2.1.1 for consumer devices connected to the internet, ISA/IEC 62443-3-3:2019 for industrial automation and control systems, and ISO/IEC 27001:2022 for information security management systems. The standards were carefully chosen for their broad adoption and acceptance by the international community. We intentionally selected standards with different areas of focus to illustrate the significant overlaps that can exist despite being designed for different environments. Our objective is to help organizations select the most suitable security controls for their specific needs and to simplify and clarify the compliance process. Our findings show a significant overlap among the three selected standards. This information can help organizations gain a comprehensive understanding of common security requirements and controls, enabling them to streamline their compliance efforts by eliminating duplicated work, especially when meeting the requirements of multiple standards.

Place, publisher, year, edition, pages
2023. Vol. 11, p. 85315-85332
Keywords [en]
cybersecurity, security controls, security standards, cybersecurity concepts, threats, security requirements
National Category
Computer Systems; Computer Sciences
Identifiers
URN: urn:nbn:se:hv:diva-20715; DOI: 10.1109/ACCESS.2023.3303205; ISI: 001051669700001; Scopus ID: 2-s2.0-85167838714; OAI: oai:DiVA.org:hv-20715; DiVA, id: diva2:1798709
Note

CC BY 4.0

Available from: 2023-09-20. Created: 2023-09-20. Last updated: 2024-01-03. Bibliographically approved.

Open Access in DiVA

fulltext (6250 kB), 1065 downloads
File information
File name: FULLTEXT01.pdf; File size: 6250 kB; Checksum: SHA-512
58394fdbf726fb35f57cd3b1b8d9ce086a123ba8a8cae7120b6f718b4b21b596451b85ddc32bf25cbe4ab3f1daffe29f46ca14ec1286d6358038c8ea8d98b6e7
Type: fulltext; Mimetype: application/pdf

Authority records

Djebbar, Fatiha

Total: 1065 downloads
The number of downloads is the sum of all downloads of full texts. It may include, e.g., previous versions that are no longer available.

Total: 148 hits