The Role of Standards in Enhancing Cybersecurity and Business Continuity Management for Organizations
Ilkka Tikanmäki, Jari Savolainen, Harri Ruoslahti
2024, vol. 55, pp. 63-78
Keywords: Cybersecurity; Business Continuity Management; standards
Standards are documented specifications intended to make products, services, and systems secure, reliable, and consistent. They unify and improve industries by setting requirements, recommendations, or procedures for activities or products, and they describe security management systems built on industry best practice. The DYNAMO project promotes an integrated approach designed to enhance cyber situational awareness in critical sectors such as healthcare, energy, and maritime transport. This study is part of the project's effort to map relevant cybersecurity standards, guided by the research question: how can standards enhance cyber resilience?
The article presents a desktop study that includes a cross-case analysis. The results show that surprisingly little has been written about the practical experience of using standards; evidence-based accounts of implementing and operating them in practice are scarce. Most of the benefits reported are claimed by the standardization bodies themselves. For ISO 22301 (business continuity management systems) these include compliance with legal requirements, competitive advantage, lower costs, and organisational improvement. Information security professionals can use ISO/IEC 27001 (information security management systems) to define requirements and strengthen a company's compliance and organisational improvement, while the NIST Cybersecurity Framework supports them in making informed risk management decisions and offers a high-level, strategic view of an organisation's cybersecurity risk management lifecycle.