A taxonomy for cybersecurity standards

Cybersecurity standards on a global scale are exhaustive, appealing to several types, such as glossaries, guidelines, methods, and objectives (e.g., Information Technology evaluation, requirement identification, risk management, and technical specifications). This chaotic range of standards towards the rapid pace of technological and threat evolution hinders stakeholders (e.g., security architects/developers, policymakers, testers, and auditors) from discovering which standards best meet their security needs.

The paper analyzes this challenge and contributes to harmonizing standards by identifying relationships between the EU regulation and prominent cybersecurity standards. The current work develops a taxonomy that classifies cybersecurity standards according to their objective, usage, and sector, aiming to help stakeholders understand their purpose and decide which they should adopt to cover their organizational needs. The taxonomy is represented in a semantic ontology, following the Web Ontology Language Edition 2 knowledge engineering approach. A realistic scenario is described to illustrate the applicability of the taxonomy.

This work has received funding from the European Union’s Horizon Innovation Action program under
grant agreement No. 101120684 project CUSTODES; In addition, it is supported by the European Union’s Horizon Research and Innovation program under grant agreement No101021659 project SENTINEL.