It is often overlooked how institutions contribute to the cybersecurity and IT technology field. Here we are going to list some of the important organizations. Just keep in mind I will not have space to name all the big ones, but I will try to mention the noteworthy ones.
As part of the Department of Commerce, it is a non-regulatory agency. NIST advances measurement science, standards, and technology to promote innovation and industrial competitiveness. To protect information systems and networks, NIST plays a crucial role in developing and disseminating standards, guidelines, and best practices.
One of NIST’s key contributions to cybersecurity is the development of the Cybersecurity Framework (CSF). The CSF is a voluntary framework that provides a common language and a set of best practices for organizations to manage their cybersecurity risks. The CSF helps organizations identify, prioritize, and address their cybersecurity risks systematically and cost-effectively. It also helps organizations align their cybersecurity efforts with business goals and objectives.
In addition to the CSF, NIST also publishes cybersecurity standards, guidelines, and best practices. These include the Special Publication (SP) 800 series, which covers various topics related to cybersecurity, including risk management, identity, access management, incident response, and cybersecurity for the Internet of Things (IoT). NIST collaborates with other organizations, such as the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), to develop global cybersecurity standards.
Not limited to the development of standards and guidelines. The agency conducts research and development (R&D) on cybersecurity technologies and practices. For example, NIST’s Computer Security Division (CSD) conducts R&D on cryptography, cybersecurity for critical infrastructure, and cybersecurity for the IoT. The CSD also manages the National Vulnerability Database (NVD), a comprehensive software and other systems vulnerabilities database.
Efforts also extend to education and outreach. The agency provides training and education on cybersecurity topics, such as the CSF and the SP 800 series, to a wide range of stakeholders, including federal agencies, state and local governments, and the private sector. NIST also hosts cybersecurity events and workshops and participates in various outreach programs, such as the National Cyber Security Alliance’s National Cyber Security Awareness Month (NCSAM).
They play a vital role in developing and disseminating cybersecurity standards, guidelines, and best practices. Its efforts help organizations protect their information systems and networks, and they also help promote innovation and industrial competitiveness in the cybersecurity field.
Source:
Video:
Is a comprehensive approach to improving the country’s critical infrastructure cybersecurity. It is a collaborative effort between the government, private sector, and academia to address the increasing threat of cyber-attacks on critical infrastructure such as power grids, transportation systems, and communication networks.
Source:
National Cyber-Informed Engineering Strategy
Video:
Energy Security: Cyber Informed Engineering
Governing, controlling, and securing information systems (IS) is the focus of this global professional association. Certification programs, educational events, and professional development opportunities are offered to help professionals develop and maintain their skills in the field of Information Systems. As well as publishing research and best practices related to IT governance and control, the organization provides a platform for IT professionals to network and collaborate on assorted topics. ISACA helps organizations achieve their business goals by developing effective information technology controls and practices by promoting the highest standards of ethical behavior and professionalism within the information technology community.
Source:
Video:
CREST provides certification, accreditation, and professional development services to the cybersecurity industry. It is a not-for-profit organization established in the UK in 2002. The global community of cybersecurity professionals includes security consultants, penetration testers, and IT security practitioners.
Source:
Video:
is a leading cybersecurity training and certification course provider. Founded in 1989, SANS is headquartered in Bethesda, Maryland, and has trained over 165,000 cybersecurity professionals worldwide. SANS offers various courses on cybersecurity, information security, network security, and cyber defense, among others. These courses are designed to help IT professionals and organizations stay up to date with the latest cybersecurity threats and techniques for protecting against them.
Source:
Cyber Security Training | SANS Courses, Certifications & Research
Video:
In 2002, CREST was established as a not-for-profit organization in the United Kingdom to provide certification, accreditation, and professional development services to the cybersecurity industry guidelines and recommended practices that help to ensure the safety efficiency and interoperability of electrical and electronic systems and devices. Some key areas in which IEEE standards are used include power and energy systems, telecommunications, computer networks, and medical devices.
Source:
Video:
Introduction to Standards: Institute of Electrical and Electronics Engineers (IEEE)
Is a global organization that develops and publishes international standards for various industries, including information technology, healthcare, manufacturing, and transportation. ISO is an independent, non-governmental organization that operates through a network of national standards bodies worldwide. ISO standards are developed through a consensus-based process that involves experts from various sectors and are designed to ensure the quality, safety, and efficiency of products, services, and systems. ISO standards are widely used in both the public and private sectors. They are recognized as an essential tool for promoting international trade and enabling the smooth operation of global supply chains.
https://www.iso.org/standards.html
Video:
IETF is a large, open international community of network designers, operators, vendors, and researchers concerned with improving Internet architecture and its smooth operation. There are no formal membership requirements or formal membership requirements for this all-volunteer organization. IETF members work on various technical and organizational issues, including developing standards for the Internet Protocol (IP) and other core protocols and issues related to security, routing, and management.
Source:
IETF
Video:
IETF – Internet Engineering Task Force – YouTube
Series is a collection of technical and organizational documents related to the Internet and the Internet Engineering Task Force (IETF) work. The RFC series is published by the Internet Society (ISOC), a professional membership society that provides leadership in Internet-related standards, education, and policy.
Source:
RFC 825 – Request for comments on Requests For Comments
Advises the IETF on technical and architectural matters. It comprises a small group of Internet technology experts appointed by the Internet Society.
Source:
Is a sister organization to the IETF, focused on longer-term research topics related to the Internet. It is composed of working groups that conduct research and produce documents on a wide range of topics, including networking, security, and social and economic issues.
Source: