
New International Standard for information security

By Tim Sandle     Apr 21, 2018 in Technology
A revised standard for information security has been issued. This follows the changing landscape in relation to cybersecurity issues and the growing complexity of technology, which brings with it new vulnerabilities.
Security questions in 2018 have been highlighted by the vulnerability of micro-processors. This has been followed by major cybersecurity initiatives like the European Union General Data Protection Regulation, which comes into effect in May 2018. The regulation relates to data protection and privacy for all individuals within the European Union. The regulation also addresses the export of personal data outside the EU. The aims are to give control back to citizens over their personal data and also to simplify the regulatory environment for international business.
2018 has also seen a revised international standard issued by the International Standards Organization (ISO), together with the International Electrotechnical Commission (IEC). The ISO was founded in 1947. The body promotes worldwide proprietary, industrial and commercial standards. ISO is headquartered in Geneva, Switzerland, and operates in 162 countries. The IEC specializes in standards in relation to electrical, electronic and related technologies.
The new standard is ISO/IEC 27000. The update to the information security document was led by the German ISO membership: the Deutsches Institut für Normung (DIN). The document is designed to provide an overview of information security management systems. The document also provides terms and definitions.
According to ISO staffer Barnaby Lewis, the new standard is intended to be “applicable to all types and size of organization from multinational business to small and medium-sized enterprises.” The content is also applicable to government agencies and not-for-profit organizations.
The new document provides a model for users to follow when setting up and operating a management system. By following the standard, users can develop and implement a framework for managing the security of their information assets. This embraces financial information, intellectual property, and employee details. It also extends to information entrusted to users by customers or third parties.
Bringing information security deliberately under overt management control is a central principle running through the standard. The target audience is information security managers. Through this, all organizations are encouraged to assess their information risks, then treat them (typically using information security controls) according to their needs.
The revision adds to the dozen or so standards that form the 27000 family. The updated document helps readers to understand how the different standards connect, in terms of scope, roles, functions and relationships.