
Cybersecurity Competency Framework - Reference - Links

The document outlines the normative references for cybersecurity practice, including: 1. Laws, regulations and policies from the Philippines government that relate to cybersecurity, data privacy, and cloud computing. 2. International cybersecurity standards from ISO, including standards for information security management, risk management, privacy, and more. 3. Regulatory guidance from other countries and regions, such as the NIST Cybersecurity Framework, ETSI cybersecurity controls, and EU GDPR. 4. Professional certifications and bodies of knowledge for cybersecurity, including ISC2 CISSP, ISACA CISM, and PCI DSS. The document provides links to each reference for further review.

CYBERSECURITY COMPETENCY FRAMEWORK

NORMATIVE REFERENCES OF CYBERSECURITY PRACTICE

1. Laws, Regulations and Policies

a. R.A. 10844 – DICT National Cybersecurity Plan and NCERT

• https://dict.gov.ph/wp-content/uploads/2016/10/DICT-IRR.pdf
• https://dict.gov.ph/wp-content/uploads/2019/07/NCSP2022-rev01Jul2019.pdf
• https://dict.gov.ph/wp-content/uploads/2020/03/Dept-Circular-No-003-3062020.pdf
• https://www.ncert.gov.ph/cert-manual/dictcertmanual.pdf

b. R.A. 10175 – Cybercrime Prevention Act


https://www.officialgazette.gov.ph/2015/08/12/implementing-rules-and-regulations-of-republic-act-no-10175/

c. R.A. 10173 – Data Privacy Act


https://www.officialgazette.gov.ph/2016/08/25/implementing-rules-and-regulations-of-republic-act-no-10173/

d. SEC Cyber Security Framework


https://www.sec.gov.ph/wp-content/uploads/2020/12/2020Notice_DraftMemoCircularCyberSecurity.pdf

e. DICT Cloud First Policy

• https://i.gov.ph/policies/signed/department-circular-cloud-first-policy/
• https://dict.gov.ph/wp-content/uploads/2020/06/Department_Circular_No_10_Amendments_to_DC_No_2017_002_re_Prescribing.pdf

2. International Standard Organization


a. ISO 27000 – Information Security Overview and Vocabulary
https://www.freestandardsdownload.com/iso-iec-27000-2018-pdf.html

b. ISO 29100 – Data Privacy Framework


https://www.freestandardsdownload.com/iso-iec-29100-2011.html

c. ISO 27001 – Information Security Management System – Requirements


https://www.freestandardsdownload.com/bs-en-iso-iec-27001-2017.html

d. ISO 27002 – Information Security Management System – Controls


https://www.freestandardsdownload.com/bs-en-iso-iec-27002-2017.html

e. ISO 27701 – Security and Privacy Management System – Controls


https://www.freestandardsdownload.com/iso-iec-27701-2019.html

f. ISO 29151 – Personal Information Privacy Controls


https://www.freestandardsdownload.com/iso-iec-29151-2017-pdf.html

g. ISO 27003 – Information Security Management System – Implementation


https://www.freestandardsdownload.com/iso-iec-27003-2017-pdf-download.html

h. ISO 29190 – Data Privacy Management Capability Model


http://kantarainitiative.org/confluence/download/attachments/49775225/Cut_2ndWD.doc

i. ISO 27005 – Information Security Risk Management


https://www.freestandardsdownload.com/iso-iec-27005-2018-pdf-download.html

j. ISO 29134 – Privacy Impact Assessment


https://www.freestandardsdownload.com/iso-iec-29134-2017-pdf.html

k. ISO 27033 – Network Security


https://www.iso27001security.com/html/27033.html

l. ISO 27040 – Storage Security


https://www.iso27001security.com/html/27040.html

m. ISO 27034 – Application Security


https://www.iso27001security.com/html/27034.html

n. ISO 27017 – Cloud Security


https://www.freestandardsdownload.com/iso-iec-27017-2015-pdf-free-download.html
o. ISO 27018 – Cloud Privacy
https://www.freestandardsdownload.com/iso-iec-27018-2014.html

p. ISO 27036 – Supplier Relationship Security


https://standards.iso.org/ittf/PubliclyAvailableStandards/c059648_ISO_IEC_27036-1_2014.zip

q. ISO 27032 – Cybersecurity Guidelines


https://www.iso27001security.com/html/27032.html

r. ISO 27035 – Security Incident Management


https://sites.google.com/a/ist033.org.uk/public/home/4/cg-ip/27035

s. ISO 22301 – Business Continuity Management


http://www.nobelcert.com/DataFiles/FreeUpload/ISO%2022301-2019.pdf

t. ISO 27031 – IT Business Continuity


https://www.freestandardsdownload.com/iso-iec-27031-2011-pdf-download.html

u. ISO 31000 – Risk Management


https://www.freestandardsdownload.com/bs-iso-31000-2018-pdf-download.html

v. ISO 22320 – Emergency Management – Incident Management


https://www.freestandardsdownload.com/bs-iso-22320-2018-pdf-download.html

3. Other Country Regulatory Guidance


a. NIST Cybersecurity Framework
https://www.nist.gov/cyberframework

b. ETSI Cybersecurity Control


https://www.etsi.org/newsroom/news/1342-2018-10-news-etsi-publishes-critical-security-controls-for-effective-cyber-defence-as-technical-reports

c. EU General Data Privacy Regulation


https://gdpr-info.eu/

d. HIPAA – Health Personal Information


https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html
4. Professional Body of Knowledge and Competency Certification
a. Cybersecurity Body of Knowledge
https://www.cybok.org/media/downloads/CyBOK-version-1.0.pdf

b. ISC2 CISSP
https://download.e-bookshelf.de/download/0012/5392/67/L-G-0012539267-0035586020.pdf

c. ISACA CISM
https://www.pdfdrive.com/cism-review-manual-2014-e184020432.html

d. PCI-DSS - Payment Card Industry


https://www.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf?agreement=true&time=1534870826847
