Information Technologies and Security Standards and Organizations

In this article, I will touch upon national and international organizations working in the field of information technologies and security. I will talk about the standards in this field and their purposes.

Information Technology and Security Organizations

The main purpose of information technology and security organizations is to protect information assets against unauthorized access (confidentiality), to ensure the integrity and accuracy of information and information assets, and to ensure that authorized users can reach information whenever they need it (availability).

1-ISO (International Organization for Standardization)

ISO is a leading organization that develops international standards for information technology and security. These standards help organizations protect their information assets.

2-IEC (International Electrotechnical Commission)

IEC, which develops standards for electrical, electronic and related technologies, creates standards in the field of cyber security and information technologies in cooperation with ISO. This joint work is carried out by the ISO/IEC Joint Technical Committee 1 (JTC 1); its subcommittee SC 27 is responsible for information security, and the ISO/IEC 27000 series standards are a product of this collaboration.

3-ISACA (Information Systems Audit and Control Association)

ISACA is an international professional organization specializing in information systems auditing, security and governance. Founded in 1969, this organization develops IT governance frameworks such as COBIT and enhances the competencies of professionals by offering certifications such as CISA (Certified Information Systems Auditor) and CISM (Certified Information Security Manager). ISACA, which helps businesses manage technology risks and implement cyber security standards, has gained an important place in the sector by combining theoretical and practical knowledge.

4-ITU (International Telecommunication Union)

ITU, a specialized agency of the United Nations, coordinates cyber security strategies by setting standards in the field of telecommunications and information technologies. Its standardization arm, ITU-T, publishes the X-series recommendations, including X.509 (the public key certificate format used by TLS) and the X.800 security architecture. It aims to protect digital infrastructures and make them resilient against cyber threats by collaborating with member countries. ITU, which provides leadership on issues such as the spread of the Internet and the security of communication networks, contributes to the shaping of technology policies on a global scale.

5-NSA (National Security Agency)

The US-based National Security Agency (NSA), founded in 1952, operates in the field of signals intelligence (SIGINT) collection, cybersecurity and cryptology to protect national security. While protecting critical infrastructures and national security systems against cyber threats, it contributes to cryptographic standards: it designed the SHA-1 and SHA-2 hash families that NIST later published as FIPS standards, and it approved AES (which was selected by NIST through an open competition, not designed by NSA) for protecting classified information. Its TAO (Tailored Access Operations) unit conducts targeted cyber operations. However, it has been the subject of privacy debates because of mass surveillance and bulk collection programs such as PRISM, disclosed in 2013, and its trustworthiness as a standards contributor was questioned after the Dual_EC_DRBG random number generator, which it had promoted, was found to contain a suspected backdoor. It has a global influence in the field of information technologies and security, with both defensive and intelligence-gathering capacity.

6-ENISA (European Union Agency for Cybersecurity)

ENISA, the European Union's cyber security agency, was established in 2004 to increase cyber security capacity in member countries and strengthen cooperation against common threats. It supports Europe's digital security with risk analyses, training programs and standards development work. Additionally, as an influential actor in the international cybersecurity community, it operates in areas such as threat intelligence sharing and crisis management.

7- ETSI (European Telecommunications Standards Institute)

The European Telecommunications Standards Institute (ETSI) is a European organization founded in 1988 that develops standards in the fields of telecommunications, information technologies and cybersecurity. While it creates standards for technologies such as GSM, 5G and the Internet of Things (IoT), it also works on cybersecurity protocols and data protection systems; its EN 303 645 standard, for example, sets baseline security requirements for consumer IoT devices (no universal default passwords, a vulnerability disclosure policy, software updates). By collaborating with industry, academia and public institutions, ETSI ensures the global dissemination of innovative and secure communication technologies. Although European-focused, its standards are adopted internationally.

8-NIST (National Institute of Standards and Technology)

US-based NIST is a leading organization that develops standards and guidelines in the field of information technologies and cybersecurity. Resources such as the NIST Cybersecurity Framework, the SP 800 series (for example SP 800-53 for security controls and SP 800-63 for digital identity and authentication) and the FIPS standards (for example FIPS 197, which defines AES, and FIPS 140-3 for cryptographic modules) are referenced by organizations around the world. By supporting technological innovations and providing practical solutions against cyber threats, NIST contributes to increasing security in both the public and private sectors.

9-IEEE (Institute of Electrical and Electronics Engineers)

IEEE, which develops standards in areas such as information technology, telecommunications and cybersecurity, is a global authority especially on technical innovations and applications. Its IEEE 802 family covers wired and wireless networking, including 802.11 (Wi-Fi) and 802.1X (port-based network access control), which underpin much of enterprise network security.

10-IETF (Internet Engineering Task Force)

The IETF develops the technical infrastructure of the Internet and works on network protocols and security standards, which it publishes as RFCs; TLS 1.3 (RFC 8446), for example, is an IETF standard. It operates as an open community and aims to improve the security of the Internet.

11-ISC²(International Information System Security Certification Consortium)

ISC² (International Information Systems Security Certification Consortium) is a non-profit organization that offers internationally recognized certifications for information security professionals. Known for its industry-respected certifications such as CISSP (Certified Information Systems Security Professional), ISC² sets standards in the field of information security and supports professional development in this field. The organization aims to ensure that information security experts keep their competencies up to date through its adherence to ethical rules and continuous training requirements.

12-OWASP (Open Web Application Security Project)

OWASP (Open Web Application Security Project) is an open source, non-profit organization operating worldwide in the field of web application security. Its goal is to provide guidance and tools that help software developers, security experts and organizations build more secure applications. OWASP is especially known for its "OWASP Top 10" report, which is updated every few years and is considered a reference worldwide; this report lists the most common and critical web application security risks. OWASP projects are carried out by volunteers and include many free resources such as guides (for example the Application Security Verification Standard, ASVS), testing tools (such as the ZAP proxy) and training materials.

13-FIRST (Forum of Incident Response and Security Teams)

FIRST, an international network of cyber incident response teams (CSIRTs and PSIRTs), promotes rapid response to security incidents and information sharing between teams. It also maintains the Common Vulnerability Scoring System (CVSS) used to rate the severity of vulnerabilities.

14-BTK (Information Technologies and Communications Authority)

Information Technologies and Communication Authority is the main public institution that regulates and supervises the telecommunications and informatics sector in Turkey. It was established in 2000 as the Telecommunications Authority and took its current name in 2008. While BTK promotes competition in the electronic communications sector, it coordinates cyber security policies and fights against cyber threats on a national scale by incorporating units such as USOM (National Cyber ​​Incident Response Center). Additionally, it creates awareness by providing technology and cyber security training with BTK Academy.

15-USOM (National Cyber Incident Response Center - TR-CERT)

Operating under BTK, USOM is Turkey's national cyber security center and provides protection against cyber threats at the national and international levels. It undertakes tasks such as rapid response to cyber incidents, collection of threat intelligence and coordination between the public and private sectors. This center, which works 24/7 to detect and prevent cyber attacks against Turkey, aims to increase the security of critical infrastructures and contributes to the development of the cyber security ecosystem.

16-TUBITAK BİLGEM

BİLGEM (Informatics and Information Security Advanced Technologies Research Center), which is affiliated with the Scientific and Technological Research Council of Turkey (TÜBİTAK), carries out R&D activities in the field of informatics and cyber security technologies. This center develops software, hardware and cryptology solutions for national security projects and produces innovative technologies especially for the defense industry and public institutions. It is one of Turkey's leading organizations in cyber security testing, domestic software development and information security systems.

17-TSE

Turkish Standards Institute (TSE) is a national organization founded in 1954 that carries out standard development, certification and audit activities in Turkey. It supports the implementation of international standards in the field of information technologies and security, especially ISO/IEC 27001, in Turkey and contributes to the certification of cyber security management systems. TSE tests the reliability of IT products, inspects domestic companies' compliance with standards and helps strengthen the national cyber security ecosystem.

18-Turkey Cyber Security Cluster

Türkiye Cyber Security Cluster was established in 2017 under the leadership of the Presidency of Defense Industries and the Digital Transformation Office, with the contributions of public institutions, private sector and academy representatives. The main purpose of the cluster is to encourage the development of domestic and national cyber security products, strengthen the cyber security ecosystem and increase international competitiveness. The platform carries out various activities to support the technical and financial development of its members, improve cyber security standards and increase human resources.

19-Information Security Association (BGD)

Founded in 2007, the Information Security Association operates to raise awareness in the field of information security, organize training and contribute to national policies with the participation of academics, public officials and private sector experts. The association encourages knowledge sharing by organizing seminars and workshops for the public and private sectors.

20-Turkish Informatics Association (TBD)

Founded in 1971, Turkish Informatics Association is a well-established non-governmental organization that aims to develop the informatics sector and brings together stakeholders in this field. TBD undertakes the task of creating public opinion, organizing seminars and contributing to public policies in areas such as information technologies, software, cyber security and IT law.

Information Technologies and Security Standards

The main purpose of information technology and security standards is to protect the digital assets of institutions and individuals, to take precautions against cyber threats and to create a safe digital environment. These standards aim to ensure the confidentiality, integrity and availability of data, minimize risks, comply with legal regulations and promote best practices. Thus, they help institutions and individuals operate safely in the digital world.

1-ISO/IEC 27000

The ISO/IEC 27000 series is a set of internationally recognized standards for establishing, implementing and maintaining information security management systems. This series provides a comprehensive framework that organizations can use to ensure information security. ISO/IEC 27001 is the core standard of the series and specifies the requirements for establishing an information security management system (ISMS); it is the only standard in the series against which an organization can be certified. ISO/IEC 27002 provides best practice guidance for the security controls listed in Annex A of 27001. Other standards in the series guide organizations in risk management (27005), data protection (27701), cloud security (27017/27018), business continuity and other information security areas. The ISO/IEC 27000 series helps organizations reduce their risks and increase their security by standardizing information security processes.

2-NIST SP 800-53

This standard, developed by the US National Institute of Standards and Technology (NIST), is a catalog of security and privacy controls for federal information systems and organizations, and is also widely adopted outside government. Its controls are grouped into families such as Access Control (AC), Audit and Accountability (AU), Identification and Authentication (IA) and System and Communications Protection (SC), and SP 800-53B defines baselines that select controls according to a system's impact level. NIST SP 800-53 is an important reference source for cybersecurity.

3-GDPR (General Data Protection Regulation)

The European Union General Data Protection Regulation (GDPR), in force since 2018, introduces a set of rules for the protection and privacy of personal data. These rules require integrating information security practices into personal data processing: Article 32 requires appropriate technical and organizational measures (such as encryption and pseudonymization) and Article 33 requires that personal data breaches be reported to the supervisory authority within 72 hours where feasible.

4-PCI-DSS (Payment Card Industry Data Security Standard)

The Payment Card Industry Data Security Standard (PCI DSS), maintained by the PCI Security Standards Council, defines mandatory security requirements for protecting payment card information. Any organization that stores, processes or transmits cardholder data must comply with its twelve requirements, which cover areas such as network segmentation, encryption of cardholder data in transit and at rest, access control, logging and regular security testing.

5-ITIL (Information Technology Infrastructure Library)

ITIL provides a framework for IT service management and helps organizations manage IT services efficiently, securely and in a compliant manner. ITIL is not a security standard in itself; it aims to increase the effectiveness of processes such as incident, change and problem management, which security teams rely on in practice.

6-HIPAA (Health Insurance Portability and Accountability Act)

The Health Insurance Portability and Accountability Act (HIPAA), enacted in the United States in 1996 to protect personal health information, establishes information security and privacy requirements for the healthcare industry. Its Privacy Rule governs the use and disclosure of protected health information (PHI), and its Security Rule requires administrative, physical and technical safeguards for electronic PHI.

7-CIS Controls (Center for Internet Security)

Developed by the Center for Internet Security (CIS), the CIS Controls are a prioritized set of best-practice safeguards that organizations can use to strengthen their cybersecurity. Version 8 defines 18 controls (such as inventory of assets, secure configuration and audit log management), grouped into Implementation Groups so that smaller organizations can start with a minimum baseline. CIS also publishes the CIS Benchmarks, which give hardening settings for specific operating systems and software.

8-Common Criteria

Common Criteria is an internationally recognized standard for evaluating the security features of information technology (IT) products and systems. This standard, also known as ISO/IEC 15408, provides a framework for defining the security requirements of IT products (often through Protection Profiles), and for testing and certifying their conformance to these requirements. The depth of evaluation is expressed as an Evaluation Assurance Level (EAL), from EAL1 to EAL7; a higher EAL reflects more rigorous evaluation, not necessarily stronger security functionality. Certificates are mutually recognized among signatories of the Common Criteria Recognition Arrangement (CCRA). Common Criteria is widely used in sectors where security awareness is high (public, defense, finance, etc.).

9-KVKK (Personal Data Protection Law)

KVKK (Law No. 6698, adopted in 2016) regulates the protection of personal data in Turkey. It determines the rules that institutions must comply with when processing personal data, establishes the Personal Data Protection Authority as the supervisory body, and requires measures to be taken against data breaches.

10-NIST-Cybersecurity Framework

It is a framework developed by the US National Institute of Standards and Technology (NIST). It provides a guide for organizations to manage and improve their cybersecurity risks. Version 2.0, published in 2024, organizes its outcomes under six functions: Govern, Identify, Protect, Detect, Respond and Recover.

11-COBIT (Control Objectives for Information Technologies)

COBIT (Control Objectives for Information and Related Technologies), developed by ISACA, provides a framework for IT governance and management. This framework supports organizations in managing and securing their information technologies effectively. COBIT enables processes to be controlled and monitored.

12-MITRE ATT&CK

MITRE ATT&CK is a globally accessible knowledge base of adversary tactics and techniques, based on real-world observations. It organizes attacker behaviour into tactics (the "why", such as Initial Access, Execution, Persistence, Lateral Movement and Exfiltration) and techniques (the "how", each with an identifier such as T1059, Command and Scripting Interpreter), and provides separate matrices for Enterprise, Mobile and ICS environments. This framework helps organizations better understand attacks, improve threat intelligence, map detection coverage and optimize defensive strategies.

13-Cyber Kill Chain

Developed by Lockheed Martin, the Cyber Kill Chain is a model that describes the stages of a cyber attack. It helps defenders understand the path an attacker follows to reach their goal and develop defense strategies, on the principle that breaking any one link stops the attack. The model describes seven stages that an attacker must go through: reconnaissance, weaponization, delivery, exploitation, installation, command and control, and actions on objectives.

Information Technologies and Security Certification Bodies

There are many internationally recognized certificates in the field of information technologies and security that attest to the competencies of professionals. Employers treat these certificates as an important criterion when evaluating the knowledge level and experience of candidates.

1-ISC² (International Information System Security Certification Consortium)

ISC² is a non-profit organization that offers internationally recognized certifications for information security professionals. Known for its industry-respected certifications such as CISSP (Certified Information Systems Security Professional), ISC² sets standards in the field of information security and supports professional development in this field.

2-ISACA (Information Systems Audit and Control Association)

ISACA is an organization specializing in information systems auditing, control, security and governance. It is known for its certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager) and CRISC (Certified in Risk and Information Systems Control).

3-CompTIA (Computing Technology Industry Association)

CompTIA is an organization that offers a wide range of certifications in the field of information technologies. CompTIA Security+ is a certification that certifies basic knowledge and skills in cybersecurity and is especially suitable for those who are just starting their careers.

4-SANS Institute (SysAdmin, Audit, Network, Security)

SANS Institute is a globally recognized organization for cybersecurity training and certification. It offers a variety of training programs, certifications and resources for cybersecurity professionals; its certifications (such as GSEC, GCIH and GPEN) are issued through its GIAC (Global Information Assurance Certification) affiliate. SANS is a valuable resource for those looking to specialize in cybersecurity and provides industry-standard certifications.

5-EC-Council

EC-Council is an organization that offers certifications in ethical hacking and cybersecurity. The CEH (Certified Ethical Hacker) certificate is an important certificate that certifies knowledge and skills in the field of ethical hacking.

6-Cloud Security Alliance (CSA)

CSA is an organization that specializes in cloud security and offers certifications such as CCSK (Certificate of Cloud Security Knowledge). This certificate attests to knowledge and skills in securing cloud-based infrastructures. CSA also publishes the Cloud Controls Matrix (CCM), a control framework for cloud providers and customers, and a variety of other resources to disseminate cloud security best practices.

In this article, I have compiled national and international organizations working in the field of Information Technologies and Security, the standards created by these organizations, and also the certification authorities. I hope it was useful. If there are any points I missed, you can add them to the comments section.