Most of the time we use one of the commonly known Standards:
- BSI Baseline Protection
- ISO/IEC 2700x
- PCI DSS (Payment Card Industry Data Security Standard)
- CIS Top 20 Critical Security Controls for Effective Cyber Defense
- NIST Cyber Security Framework
- COBIT 5 for Information Security
However, depending on your needs and requirements, we also use other standards, such as sector-specific standards based on ISO/IEC 27002 (for example ISO/IEC 27799 for health informatics), ASVS (Application Security Verification Standard), MASVS (Mobile Application Security Verification Standard), the OWASP Testing Guide, the OWASP Mobile Testing Guide, CVSSv3, …