Hi there! It’s been a while since we caught up!
No one asked, but just so you know—I’m doing well! Although I’m feeling a bit under the weather today, probably because I just finished an intense 10-day study week. But hey, no time to rest; it’s time to start making progress again!

After doing some initial benchmarking to see how other central banks draft regulations on data management—specifically data security—it’s time to dive deeper into the key subtopics I plan to research:

  1. Identifying Security Standards — this post will focus on this one
  2. Designing a Framework
  3. Audit and Monitoring Procedures
  4. Reviewing the Best Technologies and Practices

Identifying Security Standards

What exactly are security standards for state organizations?
Simply put, they’re a set of guidelines and best practices designed to protect sensitive and confidential information. These standards help organizations:

  • Mitigate risks,
  • Reduce vulnerabilities,
  • Ensure regulatory compliance,
  • Maintain public trust, and
  • Avoid legal consequences.

The key phrase here is “set of guidelines and best practices”—and that’s why I’m confident this topic is a great fit for my project. It aligns perfectly with this definition, which I found through my trusted friend: the internet search box.

Diving Into Initial Findings

While exploring security standards for state organizations, I came across a paper that outlines some valuable frameworks applicable to state-level operations (not just for my institution). Here are a few that stood out:

  1. ECSS (European Cooperation for Space Standardization):
    Initially created for space systems, ECSS standards are helpful for early-phase security requirements. They emphasize defining security measures like access control, data integrity, and redundancy from the start.
  2. IEEE (Institute of Electrical and Electronics Engineers):
    IEEE's requirements-engineering standards treat security as a non-functional requirement: the system must protect data against unauthorized access, modification, or destruction. In practice this translates into requirements for encryption, integrity checks, and restrictions on who may communicate with whom.
  3. ISO (International Organization for Standardization):
    ISO offers a broader take on security. The ISO/IEC 27001/27002 management-system standards are the ones most regulators anchor to; the two that stood out in the paper are software-focused:

    • ISO/IEC 25010, the software product quality model, in which security is one of the quality characteristics, broken down into confidentiality, integrity, non-repudiation, accountability, and authenticity (availability sits under reliability in the same model).
    • ISO/IEC 27034, which focuses on application security: it calls for a risk assessment per application and a set of security controls chosen to match the level of trust the application is required to reach.

To narrow down which standards are most relevant for a given state organization, the deciding factors are its specific context, the regulations it is subject to, and its actual security needs; a standard written for space systems or software product quality will not map one-to-one onto a central bank. NIST (National Institute of Standards and Technology) publications, such as the NIST Cybersecurity Framework and SP 800-53, are another obvious source for further exploration.

Next Steps?

While I’ve started looking at these standards, I’m holding off on diving too deep into specifics just yet. My next immediate task is to reflect on what I’ve learned during this first semester and decide if I can shape my dissertation topic around Data Governance—specifically focusing on consumer data protection by Payment Service Providers (PJP).

So stay tuned! I’ll share more updates next week.


Reference list:

  • The Complete List of Data Security
  • What are information security standards?
  • Cyber Security Standards