PAS 555:2013 is an outcomes-based, holistic approach to cyber security.
PAS 555 supplies a holistic framework for effective cyber security which not only considers the technical aspects, but also the related physical, cultural and behavioural aspects of an organisation’s approach to addressing cyber threats, including effective leadership and governance.
Through this approach, PAS 555 enables organisations to:
PAS 555 applies to the whole organisation and its supply chain, avoiding the dangers that can arise when the security measures fail to cover the whole of the business. It is an adaptable approach which can apply to any organisation, whatever its size or type, whether commercial, not-for-profit or public sector.
PAS 555’s flexibility allows an organisation to utilise its own defined processes or the adoption of other standards and management systems to achieve its intended cyber security ends. PAS 555 can be used alone, but is also compatible with many major security standards, such as ISO20000-1, ISO27001, ISO22301 and ISO31000.
Click to expand full contents »
2. Terms and definitions
3. Management structure
4. Commitment to a cyber security culture
5. Security context
6. Business architecture strategy
7. Capability development strategy
8. Supplier and partner strategy
9. Technology strategy
10. Business resilience
11. Compliance with legislation and other standards
12. Risk assessment
13. Protection and mitigation
14. Detection and response
16. Compliance analysis and continual improvement