Information assurance and standards [CISMP]

National and international information assurance standards  

The internet has opened the world up for us in ways that could never have been imagined.

It’s now possible to reach our friends across the globe with only a few swipes of the keyboard, and sharing information world-wide is the foundation on which many organisations work. It makes sense, then, that everyone should operate guided by the same standards.

In the late 1800s, a similar challenge was solved when the International Meridian Conference regulated time. Before then, towns and cities across the world operated to their own local timings.

As the railways began to boom, the decision was made to make GMT the standard that other time zones were measured against, and time was synchronised. But what about business synchronisation with information assurance standards?


The World Standards Cooperation 

The International Organisation for Standardisation (ISO) is responsible for publishing and maintaining the largest collection of industrial standards in the world today, with collaboration from over 150 countries. They work closely with two other standards bodies – the International Electrotechnical Commission (IEC), and the International Telecommunication Union (ITU). Together, these form the super-standards organisation known as the World Standards Cooperation. 


The Internet Engineering Task Force (IETF)  

Another organisation working to standardise the use and distribution of data and digital information is The Internet Engineering Task Force. They’re the leading internet standards body, developing open standards through open processes with one goal in mind: to make the internet work better.

The Internet Society’s Internet Engineering Task Force (IETF) publishes new proposed standards in draft format as a Request for Comments (RFC) for discussion by its members. Each Request for Comments has a number; if it becomes accepted, it changes from being a draft standard to a standard. However, not all RFCs are published as standards; some are simply informational documents or general guides. Here’s an example of an RFC on the IETF site: this one addresses IPsec transport mode, recommending end-to-end encryption, and tunnel mode, e.g. VPN.

What’s next? 

Now you know more about who is involved with the national and international information assurance standards, you can move on to looking at how these are implemented at ground level in the workplace. Of course, the information security manager plays an important role.


In this course on malicious software, you will learn about the various types of malicious code in detail and contrast the different types before looking at the countermeasures used to combat them. You’ll also encounter non-technical controls, and our expert Mark will show you the OWASP Top Ten security threats.

About the Author

A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.