TRANSFORMATION OF INTERNATIONAL CYBERSECURITY STANDARDS AS A RESPONSE TO TECHNOLOGICAL AND GEOPOLITICAL CHALLENGES
DOI: https://doi.org/10.32689/maup.it.2025.2.31
Keywords: cybersecurity, international standards, AI, IoT, geopolitical challenges, ISO/IEC 27001, NIST
Abstract
The article analyzes the transformation of international cybersecurity standards (ISO/IEC 27001, NIST Cybersecurity Framework, GDPR) as a response to technological challenges (AI, IoT, 5G) and geopolitical challenges (state-sponsored cyberattacks, regulatory fragmentation). The study aims to identify key areas of evolution of standards, assess their adaptation to current threats, and suggest ways to improve global cyber resilience through cross-sectoral cooperation.

The study is based on the analysis of verified data from reputable sources, including IBM Security Cost of a Data Breach 2024, ENISA 2023, Verizon DBIR 2024, Microsoft Threat Intelligence Report 2023, as well as official documents of international organizations (EU, NIST, ISO). A systematic approach was used to assess technological, geopolitical and regulatory factors affecting cybersecurity standards. A comparative analysis of standards (ISO/IEC 27001:2022, NIST CSF 2.0, GDPR, NIS2) allowed us to identify their updates and limitations. Additionally, cross-sectoral cooperation initiatives such as the Cybersecurity Tech Accord and the ENISA MeliCERTes platform were analyzed to assess their role in the implementation of standards.

The article offers a comprehensive analysis of the transformation of cybersecurity standards with a focus on their adaptation to new technological threats (AI, IoT) and geopolitical realities (state-sponsored attacks). The novelty lies in the consideration of cross-sectoral cooperation as a key mechanism for implementing standards, which has not been sufficiently covered in the literature. The study also systematizes standard updates (e.g., the “Govern” function in NIST CSF 2.0, the integration of DevSecOps in ISO/IEC 27001:2022) and assesses their impact on global harmonization, highlighting the barriers associated with regulatory fragmentation.

The transformation of international cybersecurity standards is necessary to counter modern threats. Updates to ISO/IEC 27001:2022 and NIST CSF 2.0 address risks from AI, IoT, and supply chains, while GDPR and NIS2 strengthen data protection and incident response. However, political differences, such as between Western and Chinese standards (GB/T), complicate global harmonization. The human factor, which accounts for 68% of data breaches, calls for increased cyber literacy. Cross-sectoral cooperation, such as the ENISA and CISA initiatives, is critical to the practical implementation of standards. In the future, cyber resilience will depend on flexible standards, coordination between states, the private sector and international organizations, and investment in education and technology.
References
Arcila C., Pritam N., Kepple S. Data Breach Investigations Report: Vulnerability exploitation boom threatens cybersecurity. Verizon, 2024. URL: https://www.verizon.com/about/news/2024-data-breach-investigations-report-vulnerability-exploitation-boom (Accessed at: 15.05.2025).
Barafort B., Mesquida A. L., Mas A. Integrated risk management process assessment model for IT organizations based on ISO 31000 in an ISO multi-standards context. Computer Standards & Interfaces, 2018. № 60. PP. 57–66.
California Consumer Privacy Act of 2018. California Legislative Information – Website. URL: https://leginfo.legislature.ca.gov/faces/codes_displayText.xhtml?division=3.&part=4.&lawCode=CIV&title=1.81.5 (Accessed at: 11.05.2025).
Chang L. Y. Legislative frameworks against cybercrime: The Budapest convention and Asia. The Palgrave Handbook of International Cybercrime and Cyberdeviance, 2020. PP. 327–343.
Ciglic K., Hering J. A multi-stakeholder foundation for peace in cyberspace. Journal of Cyber Policy, 2021. № 6(3). PP. 360–374.
Cost of a Data Breach Report 2024. IBM – Website. URL: https://www.ibm.com/reports/data-breach (Accessed at: 03.05.2025).
Edwards M. ISO 27001:2022 Annex A 5.23 – Information Security for Use of Cloud Services. ISMS.online, 2025. URL: https://www.isms.online/iso-27001/annex-a/5-23-information-security-use-of-cloud-services-2022/ (Accessed at: 03.05.2025).
Folorunso A., Mohammed V., Wada I., Samuel B. The impact of ISO security standards on enhancing cybersecurity posture in organizations. World Journal of Advanced Research and Reviews, 2024. № 24(1). PP. 2582–2595.
GB/T 22239-2019 Information security technology–Baseline for classified protection of cybersecurity (English Version). Code of China, 2019. URL: https://www.codeofchina.com/standard/GBT22239-2019.html (Accessed at: 11.05.2025).
ISO 27001:2022 Controls: Annex A list. Scrut Automation, 2025. URL: https://www.scrut.io/iso-27001/iso-27001-controls/ (Accessed at: 03.05.2025).
ISO/IEC 27035-1:2023. ISO – Website, 2023. URL: https://www.iso.org/ru/standard/78973.html (Accessed at: 15.05.2025).
Joint Cyber Defense Collaborative. CISA – Website. URL: https://www.cisa.gov/topics/partnerships-and-collaboration/joint-cyber-defense-collaborative (Accessed at: 19.05.2025).
Microsoft Digital Defense Report. Microsoft Threat Intelligence, 2023. 131 p.
Morgan S. Global Ransomware Damage Costs Predicted To Hit $57B Annually In 2025. Elastio, 2025. URL: https://elastio.com/research-report/2025-ransomware-report (Accessed at: 11.05.2025).
NIS 2 strengthens cybersecurity across the EU by setting higher standards for essential services. ENISA – Website. URL: https://www.enisa.europa.eu/topics/state-of-cybersecurity-in-the-eu/cybersecurity-policies/nis-directive-2?utm_ ource=chatgpt.com#contentList (Accessed at: 11.05.2025).
Parsons D. Sans Survey Ics 2023. SCRIBD, 2023. 19 p. URL: https://ru.scribd.com/document/678301429/Sans-Survey-Ics-2023 (Accessed at: 15.05.2025).
Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act). 2019. PP. 15–69.
Relekar I. NIST Cybersecurity Framework 2.0. ACA, 2024. URL: https://www.acaglobal.com/industry-insights/nist-cybersecurity-framework-20/ (Accessed at: 11.05.2025).
Ribeiro A. ENISA Threat Landscape 2024 identifies availability, ransomware, data attacks as key cybersecurity threats. Industrial Cyber, 2024. URL: https://industrialcyber.co/reports/enisa-threat-landscape-2024-identifies-availability-ransomware-data-attacks-as-key-cybersecurity-threats/ (Accessed at: 15.05.2025).
Tanweer A. A Reliable Communication Framework and Its Use in Internet of Things (IoT). ResearchGate, 2018. № 3. URL: https://www.researchgate.net/publication/325645304_A_Reliable_Communication_Framework_and_Its_Use_in_Internet_of_Things_IoT (Accessed at: 03.05.2025).
Venkat A. Geopolitics plays major role in cyberattacks, says EU cybersecurity agency. CSO, 2022. URL: https://www.csoonline.com/article/573999/geopolitics-plays-major-role-in-cyberattacks-says-eu-cybersecurity-agency.html (Accessed at: 03.05.2025).
License
Copyright (c) 2025 Максим ЧЕРЕМНОВ

This work is licensed under a Creative Commons Attribution 4.0 International License.