New ISO cybersecurity standard published.

 

This new ISO standard (27032:2012) will help ensure safety of online transactions and personal information exchanged over the Internet, and protect your computer when browsing any Websites.

We nearly all rely on the Internet for all kinds of day to day activity in our business and personal lives, from sharing important work files to paying our bills and cybersecurity has become a key concern for all of us. A new ISO standard, ISO/IEC 27032:2012, Information technology – Security techniques – Guidelines for cybersecurity, will make cyberspace safer.

Cyberspace is a complex environment consisting of interactions between people, software and services, supported by worldwide distribution of information and communication technology (ICT) devices and networks. Collaboration is essential to ensure a safe online environment. The new standard addresses security gaps arising from the lack of communication between the different users and providers of cyberspace. It tackles any risks not covered by current Internet, network and information and communication technology security.

Johann Amsenga, Convenor of the working group that developed the standard explains, “Devices and connected networks that support cyberspace have multiple owners – each with their own business, operational and regulatory concerns. Not only do the different users and providers share little or no input, but each has a different focus when dealing with security. Such a fragmented state opens up vulnerabilities in cyberspace. ISO/IEC 27032 will provide an overarching, collaborative, multi-stakeholder solution to reduce these risks.”

ISO/IEC 27032 provides a framework for:

  • Information sharing
  • Coordination
  • Incident handling

The standard facilitates secure and reliable collaboration that protects the privacy of individuals everywhere in the world. In this way, it can help to prepare, detect, monitor, and respond to attacks such as:

  • Social engineering attacks
  • Hacking
  • Malicious software (malware)
  • Spyware
  • Other unwanted software

ISO/IEC 27032:2012, Information technology – Security techniques – Guidelines for cybersecurity, was developed by joint technical committee ISO/IEC JTC 1,Information technology, subcommittee SC 27, IT security techniques. It costs 154 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat through the ISO Store or by contacting the Marketing, Communication and Information department.


Continuity Forum Comment 

Standards, frameworks and guidelines abound across the area of Information Technology and increasingly cyberspace as the dependence of organisations and our society on its use continues to rise.

ISO is the most significant standards body in the world and ISO 27032:2012 is a step forward. The real issue for many though is not the absence of standards, but rather the difficulties of gaining support and embedding a cultural change in the attititude to security. With more and more integration developing between organisations systems especial care needs to be taken to ensure the continuity of of ICT services and the associated security requirements.

In addition, organisations should also be looking at not just prevention measures, but also other elements such as the incident and recovery processes.  It also makes a huge amount of sense to look at the insurance options that may be applicable. In this area the Continuity Forum is part of a new industry group (the Cyber Risk and Insurance Forum) formed through a cross sector alliance between insurers, security and other specialists to develop the awareness of both the issues and the capabilities. If you would like to know more about this group or its work please contact us directly.