As our world gets increasingly digitalized and interconnected, the threats of cyber-attacks rise with it. Organizations need resilient and secure systems and processes in place to protect them, and an effective solution is a cybersecurity framework. Two new ISO guidance documents have just been published to help organizations ensure the best possible frameworks and keep them cybersecure.
Developed in collaboration with the International Electrotechnical Commission (IEC), ISO/IEC TS 27110, Information technology, cybersecurity and privacy protection – Cybersecurity framework development guidelines, specifies how to create or refine a robust system to protect against cyber-attacks.
Recognizing that many different cybersecurity frameworks exist, with highly diverse lexicons and conceptual structures, this technical specification intends to simplify the task for both creators and users by providing an internationally agreed minimum set of concepts and definitions that everyone can agree on. This then frees up valuable time for combatting the real threats to cybersecurity rather than getting entangled up in the concepts and terminology.
ISO/IEC TS 27110 is complemented by ISO/IEC TS 27100, Information technology – Cybersecurity – Overview and concepts, which defines cybersecurity, establishes its context in terms of managing information security risks when information is in digital form, and describes relevant relationships including how cybersecurity is related to information security.
Dr Edward Humphreys, Convenor of the ISO working group of experts that developed the documents, said the new guidance will help industry players be more effective in managing cyber-risks that are pervasive across our digital world.
“The IT security sector invests significant amounts of time and resources into complying with disparate regulations which, in the environment of finite resources, takes valuable time and resources away from actual cybersecurity activities. This will help to maximize resources to deal with combatting real-time cyber threats,” he said.
“Differences exist within individual countries and across global environments. These new technical specifications aim to provide clear guidance that will help organizations create a cybersecurity framework that is flexible in use while allowing for compatibility and interoperability across frameworks. This will contribute to alleviating these differences, while meeting stakeholder requirements, and create coherence across the industry.”
ISO/IEC TS 27110 and ISO/IEC TS 27100 were developed by joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, Information security, cybersecurity and privacy protection, whose secretariat is held by DIN, the ISO member for Germany. They are available from your national ISO member or the ISO Store.