Over the last several decades, international standards bodies and governments have developed an acronym soup of cyber security standards. We commonly hear: SOC ISO/IEC, PCIE, ESTI, CIS, IRAP, ISPC; but how much do we really understand the goals, purposes and impacts on these standards?

In this session, we will be diving into some of these standards, with the aim of answering two critical questions:
• What does it mean for an organisation to be compliant with these standards?
• What does it mean for consumers of IT services when a provider or vendor has these certification?
• How can consumers be confident that their IT service providers/vendors are actually following the processes outlined in these standards?

In this presentation I am going to describe the who, what, when, where and why of cyber security standards; their implications on customers, development, security and operation teams; and how they may being positive and negative change to company culture.