Cybersecurity Standards
"Cyber security standards have been created recently because sensitive information is now frequently stored on computers that are attached to the Internet. Also many tasks that were once done by hand are carried out by computer; therefore there is a need for Information Assurance (IA) and security. Cyber security is important in order to guard against identity theft. Businesses also have a need for cyber security because they need to protect their trade secrets, proprietary information, and personally identifiable information (PII) of their customers or employees. The government also has the need to secure its information. This is particularly critical since some terrorism acts are organized and facilitated by using the Internet." (Wikipedia)
Purchase & read: Cyber Risks for Business Professionals
Download & read: CyberWar, CyberTerror, CyberCrime
Download our free up-to-date White Paper, Cyber Security: a Critical Business Risk, which sets out a Seven-Step Cyber Security Strategy that every organisation should adopt.
This free white paper has been recently updated and explains in detail the four highest-priority risks faced by the UK today. Advanced Persistent Threats (APT) are also discussed in detail along with the Seven-Step Cyber Security Strategy that every organisation should adopt!
Effective Cybersecurity
Effective cyber security depends on co-ordinated, integrated preparations for rebuffing, responding to and recovering from a range of possible cyber attacks. In an Internet environment where a substantial number of initial attacks are automated, and any assault on critical national infrastructure ('CNI') is likely to be widespread, all organisations need to take steps to prepare themselves.
ISO27001 - the Cybersecurity Standard
ISO27001, together with the Code of Practice, ISO27002, provides an internationally recognised best-practice framework for addressing the entire range of risks which, taken together, may be described as cyber risks. ISO27001 and ISO27002, the related Control Guidance, are the basis for the UK's national information security management standards - they are at the core of the NHS Connecting to N3 requirements, the government secure connection (or Codes of Connection - CoCo) requirements, the Gambling Commission Compliance requirements, the DWP's baseline and Security Plan requirements and virtually every other security management activity across the UK's critical national infrastructure. ISO27001 is also used as the basis for Supplier Audits and Supply Chain Assurance.
Accredited Certification to ISO27001
Accredited Certification to ISO27001 gives an organisation internationally recognised and accepted proof that its system for managing information security - its ISMS or cyber security readiness - is of an acceptable, independently audited and verified standard.
Cyber Resilience
The idea of resilience - that an organisation's systems and processes should be resilient against outside attack or natural disaster - is a key principle underpinning ISO27001. Business continuity for Information and Communications Systems is fundamental to an effective ISMS, and the British Standard BS25777 provides detailed and valuable guidance on how this critical aspect should be tackled. Designed to work within a broader Enterprise business continuity management system (such as that specified in the world-leading BS25999), BS25777 should form part of every organisation's planning for cyber security.
Business Resilience
Cyber resilience is, really, part of a wider business resilience strategy. While development of a broad business resilience strategy should fit within an organisation's enterprise risk management framework, there is no reason to delay dealing with cyber resilience because a wider business resilience strategy has still to be developed.









