Taking information security management to another level with a new standard for specific market sectors.
With cyber threats on the rise putting businesses and industries at risk, it is more important than ever that organizations protect their information and that of their customers. It is no surprise, then, that the ISO and IEC standard for information security, ISO/IEC 27001, has become so widely used. A new standard just published will take that a step further, helping to apply the requirements of this flagship standard to specific sectors.
Offering more tailored protection for specific sectors (e.g. finance, transportation and healthcare, and infrastructure projects such as smart cities) to ward off threats to their information has become a political, business and economic imperative, driving a need for sector-specific cyber standards. The recently published ISO/IEC 27009 will help standards developers do just that, providing the necessary advice and guidance on how to create standards that apply ISO/IEC 27001 to individual sectors.
ISO/IEC 27009, Information technology – Security techniques – Sector-specific application of ISO/IEC 27001 – Requirements, joins the ISO/IEC 27000 family of standards to help maximize the effectiveness of ISO/IEC 27001. It explains how to include requirements and controls additional to those in ISO/IEC 27001 that are applicable to specific sectors, enabling them to achieve consistency when developing standards in this family.
“We have already developed several sector-specific standards, such as ISO/IEC 27011 for telecoms, ISO/IEC 27017 for cloud computing and ISO/IEC 27019 for the energy sector. These standards are examples of where controls, additional to those in ISO/IEC 27001, have been defined to meet the requirements of the specific sectors concerned. In developing these standards, it became clear that a harmonized structure and language, based on ISO/IEC 27001, and specific guidance would make the development of future sector-specific standards more effective, and avoid duplication.
read the whole article...
With cyber threats on the rise putting businesses and industries at risk, it is more important than ever that organizations protect their information and that of their customers. It is no surprise, then, that the ISO and IEC standard for information security, ISO/IEC 27001, has become so widely used. A new standard just published will take that a step further, helping to apply the requirements of this flagship standard to specific sectors.
Offering more tailored protection for specific sectors (e.g. finance, transportation and healthcare, and infrastructure projects such as smart cities) to ward off threats to their information has become a political, business and economic imperative, driving a need for sector-specific cyber standards. The recently published ISO/IEC 27009 will help standards developers do just that, providing the necessary advice and guidance on how to create standards that apply ISO/IEC 27001 to individual sectors.
ISO/IEC 27009, Information technology – Security techniques – Sector-specific application of ISO/IEC 27001 – Requirements, joins the ISO/IEC 27000 family of standards to help maximize the effectiveness of ISO/IEC 27001. It explains how to include requirements and controls additional to those in ISO/IEC 27001 that are applicable to specific sectors, enabling them to achieve consistency when developing standards in this family.
“We have already developed several sector-specific standards, such as ISO/IEC 27011 for telecoms, ISO/IEC 27017 for cloud computing and ISO/IEC 27019 for the energy sector. These standards are examples of where controls, additional to those in ISO/IEC 27001, have been defined to meet the requirements of the specific sectors concerned. In developing these standards, it became clear that a harmonized structure and language, based on ISO/IEC 27001, and specific guidance would make the development of future sector-specific standards more effective, and avoid duplication.
read the whole article...
