
Cybersecurity Competency Framework Rules Standards

The document outlines normative references for cybersecurity practice, including laws and regulations from the Philippines and international standards organizations. It discusses frameworks from other countries and professional bodies of knowledge related to cybersecurity competencies and certifications. The references cover a wide range of topics including information security, risk management, privacy, cloud security, incident response, and regulatory compliance.

Uploaded by

JMLOGIC

CYBERSECURITY COMPETENCY FRAMEWORK

NORMATIVE REFERENCES OF CYBERSECURITY PRACTICE

1. Laws, Regulation and Policies

a. R.A. 10844 – DICT National Cybersecurity Plan and NCERT

https://dict.gov.ph/wp-content/uploads/2016/10/DICT-IRR.pdf
https://dict.gov.ph/wp-content/uploads/2019/07/NCSP2022-rev01Jul2019.pdf
https://dict.gov.ph/wp-content/uploads/2020/03/Dept-Circular-No-003-3062020.pdf
https://www.ncert.gov.ph/cert-manual/dictcertmanual.pdf

b. R.A. 10175 – Cybercrime Prevention Act

https://www.officialgazette.gov.ph/2015/08/12/implementing-rules-and-regulations-of-republic-act-no-10175/

c. R.A. 10173 – Data Privacy Act

https://www.officialgazette.gov.ph/2016/08/25/implementing-rules-and-regulations-of-republic-act-no-10173/

d. Bangko Sentral ng Pilipinas Information Technology Risk Management

https://morb.bsp.gov.ph/148-information-technology-risk-management/
https://morb.bsp.gov.ph/appendix-75/

e. SEC Cyber Security Framework

https://www.sec.gov.ph/wp-content/uploads/2020/12/2020Notice_DraftMemoCircularCyberSecurity.pdf

f. DICT Cloud First Policy

https://i.gov.ph/policies/signed/department-circular-cloud-first-policy/
https://dict.gov.ph/wp-content/uploads/2020/06/Department_Circular_No_10_Amendments_to_DC_No_2017_002_re_Prescribing.pdf

2. International Standard Organization



a. ISO 27000 – Information Security Overview and Vocabulary

https://www.freestandardsdownload.com/iso-iec-27000-2018-pdf.html

b. ISO 29100 – Data Privacy Framework

https://www.freestandardsdownload.com/iso-iec-29100-2011.html

c. ISO 27001 – Information Security Management System – Requirements

https://www.freestandardsdownload.com/bs-en-iso-iec-27001-2017.html

d. ISO 27002 – Information Security Management System – Controls

https://www.freestandardsdownload.com/bs-en-iso-iec-27002-2017.html

e. ISO 27701 – Security and Privacy Management System – Controls

https://www.freestandardsdownload.com/iso-iec-27701-2019.html

f. ISO 29151 – Personal Information Privacy Controls

https://www.freestandardsdownload.com/iso-iec-29151-2017-pdf.html

g. ISO 27003 – Information Security Management System – Implementation

https://www.freestandardsdownload.com/iso-iec-27003-2017-pdf-download.html

h. ISO 29190 – Data Privacy Management Capability Model

http://kantarainitiative.org/confluence/download/attachments/49775225/Cut_2ndWD.doc

i. ISO 27005 – Information Security Risk Management

https://www.freestandardsdownload.com/iso-iec-27005-2018-pdf-download.html

j. ISO 29134 – Privacy Impact Assessment

https://www.freestandardsdownload.com/iso-iec-29134-2017-pdf.html

k. ISO 27033 – Network Security

https://www.iso27001security.com/html/27033.html

l. ISO 27040 – Storage Security

https://www.iso27001security.com/html/27040.html

m. ISO 27034 – Application Security

https://www.iso27001security.com/html/27034.html

n. ISO 27017 – Cloud Security

https://www.freestandardsdownload.com/iso-iec-27017-2015-pdf-free-download.html

o. ISO 27018 – Cloud Privacy

https://www.freestandardsdownload.com/iso-iec-27018-2014.html

p. ISO 27036 – Supplier Relationship Security

https://standards.iso.org/ittf/PubliclyAvailableStandards/c059648_ISO_IEC_27036-1_2014.zip

q. ISO 27032 – Cybersecurity Guidelines

https://www.iso27001security.com/html/27032.html

r. ISO 27035 – Security Incident Management

https://sites.google.com/a/ist033.org.uk/public/home/4/cg-ip/27035

s. ISO 22301 – Business Continuity Management

http://www.nobelcert.com/DataFiles/FreeUpload/ISO%2022301-2019.pdf

t. ISO 27031 – IT Business Continuity

https://www.freestandardsdownload.com/iso-iec-27031-2011-pdf-download.html

u. ISO 31000 – Risk Management

https://www.freestandardsdownload.com/bs-iso-31000-2018-pdf-download.html

v. ISO 22320 – Emergency Management – Incident Management

https://www.freestandardsdownload.com/bs-iso-22320-2018-pdf-download.html

3. Other Country Regulatory Guidance


a. NIST Cybersecurity Framework

https://www.nist.gov/cyberframework

b. ETSI Cybersecurity Control

https://www.etsi.org/newsroom/news/1342-2018-10-news-etsi-publishes-critical-security-controls-for-effective-cyber-defence-as-technical-reports

c. SCF – Secure Control Framework

https://www.securecontrolsframework.com/?fbclid=IwAR3UgjMpsIbjBBm24bQcSRBfZJkKi0A0UWC83rg9WN_Z7i8MgPLf8O9GQls

d. CSC – Cloud Security Alliance

https://cloudsecurityalliance.org/artifacts/cloud-controls-matrix-v3-0-1/

e. OWASP – Open Web Application Security Project

https://owasp.org/www-project-cyber-controls-matrix/

f. EU General Data Privacy Regulation

https://gdpr-info.eu/

g. PCI DSS Pay Card Industry Data Security Standard

https://www.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf?agreement=true&time=1534870826847

h. HIPAA – Health Personal Information

https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/combined-regulation-text/index.html

i. FIRST – Forum of Incident Response and Security Teams

https://www.first.org/standards/frameworks/csirts/csirt_services_framework_v2.1

4. Professional Body of Knowledge and Competency Certification

a. Cybersecurity Body of Knowledge

https://www.cybok.org/media/downloads/CyBOK-version-1.0.pdf

b. ISC2 CISSP

https://download.e-bookshelf.de/download/0012/5392/67/L-G-0012539267-0035586020.pdf

c. COMPTIA+ Cybersecurity Analyst

https://www.pdfdrive.com/comptia-cybersecurity-analyst-e49426045.html

d. ISACA CISA

https://www.pdfdrive.com/cisa-certified-information-systems-auditor-study-guide-e182911786.html

e. ISACA CISM

https://www.pdfdrive.com/cism-review-manual-2014-e184020432.html
