Completed Blog Series


The PCI DSS v4.0 (Mar 2022) is an overwhelming document of 360 pages. In this blog series, we will break it down into bite-sized chunks.

Read More: https://devendrashirbad.in/pci-dss/pci-dss-home/

Blog Series In Progress

Cybersecurity Labs: Home

Cybersecurity labs are specialized virtual environments where individuals or organizations can test, analyze, and learn cybersecurity.

Read More: https://devendrashirbad.in/cybersecurity-labs/cybersecurity-labs-home/

Upcoming Blog Series

We shortlisted and are considering these blog series to be published but we do not have deadlines for these blog series as of now. Stay tuned!

NIST Risk Management Framework (RMF)

The NIST Risk Management Framework (RMF) provides a comprehensive, flexible, repeatable, and measurable 7-step process that any organization can use to manage information security and privacy risk for organizations and systems and links to a suite of NIST standards and guidelines to support implementation of risk management programs to meet the requirements of the Federal Information Security Modernization Act (FISMA).

  • SP 800-30: Guide for Conducting Risk Assessments
  • SP 800-37: Risk Management Framework for Information Systems and Organizations
  • SP 800-39: Managing Information Security Risk
  • SP 800-53: Security and Privacy Controls for Information Systems and Organizations

Read More: https://csrc.nist.gov/Projects/risk-management

NIST Cybersecurity Framework (CSF)

The NIST Cybersecurity Framework (CSF) 2.0 provides guidance to industry, government agencies, and other organizations to manage cybersecurity risks. It offers a taxonomy of highlevel cybersecurity outcomes that can be used by any organization – regardless of its size, sector, or maturity – to better understand, assess, prioritize, and communicate its cybersecurity efforts. The CSF does not prescribe how outcomes should be achieved. Rather, it links to online resources that provide additional guidance on practices and controls that could be used to achieve those outcomes. This document describes CSF 2.0, its components, and some of the many ways that it can be used.

Read More: https://www.nist.gov/cyberframework

Privacy Framework

The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.

Read More: https://www.nist.gov/privacy-framework

Secure Software Development Framework (SSDF)

The Secure Software Development Framework (SSDF) is a set of fundamental, sound, and secure software development practices based on established secure software development practice documents from organizations such as BSA, OWASP, and SAFECode. Few software development life cycle (SDLC) models explicitly address software security in detail, so practices like those in the SSDF need to be added to and integrated with each SDLC implementation.

Read More: https://csrc.nist.gov/Projects/ssdf

Zero Trust Architecture

The NCCoE initiated this project in collaboration with industry participants to demonstrate several approaches to a zero trust architecture applied to a conventional, general purpose enterprise information technology (IT) infrastructure on premises and in the cloud, which will be designed and deployed according to the concepts and tenets documented in NIST Special Publication (SP) 800-207, Zero Trust Architecture. The example implementations integrate commercial and open-source products that leverage cybersecurity standards and recommended practices to showcase the robust security features of zero trust architectures.

  • SP 800-207: Zero Trust Architecture

Read More: https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture

ISO/IEC 27000 family – Information Security Management

Overview And Terminology

  • ISO/IEC 27000: Information security management systems – Overview and vocabulary


  • ISO/IEC 27001: Information security management systems – Requirements
  • ISO/IEC 27006: Requirements for bodies providing audit and certification of information security management systems
  • ISO/IEC 27009: Sector-specific application of ISO/IEC 27001 – Requirements

General Guidelines

  • ISO/IEC 27002: Code of practice for information security controls
  • ISO/IEC 27003: Information security management – Guidance
  • ISO/IEC 27004: Information security management – Monitoring, measurement, analysis and evaluation
  • ISO/IEC 27005: Information security risk management
  • ISO/IEC 27007: Guidelines for information security management systems auditing
  • ISO/IEC TR 27008: Guidelines for auditors on information security controls
  • ISO/IEC 27013: Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1
  • ISO/IEC 27014: Governance of information security
  • ISO/IEC TR 27016: Information security management – Organizational economics
  • ISO/IEC 27021: Information security management – Competence requirements for information security management systems professionals

Sector-Specific Guidelines

  • ISO/IEC 27010: Information security management for inter-sector and inter-organizational communications
  • ISO/IEC 27011: Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations
  • ISO/IEC 27017: Code of practice for information security controls based on ISO/IEC 27002 for cloud services
  • ISO/IEC 27018: Code of practice for protection of personally identifiable information (PII) in public clouds acting as PII processors
  • ISO/IEC 27019: Information security controls for the energy utility industry
  • ISO 27799: Health informatics – Information security management in health using ISO/IEC 27002
Scroll to Top
Seraphinite AcceleratorOptimized by Seraphinite Accelerator
Turns on site high speed to be attractive for people and search engines.