
ISO Cybersecurity Standard
David Norfolk By: David Norfolk, Practice Leader - Development, Bloor Research
Published: 2nd November 2012
Copyright Bloor Research © 2012

Existing ISO security standards (such as the ISO/IEC 27000 family) have a good reputation. They aren't (and couldn't be) any sort of 'silver bullet' that delivers security without an organisation thinking in depth about risk and threat analysis, and without putting resources into implementing a good information security management system (ISMS), but they provide a sound framework for implementing baseline security, which you can then build on to manage specific threats. They also give all the stakeholders in security management a common vocabulary.

Now "cybersecurity" is becoming the new buzzword, and a new ISO/IEC cybersecurity standard promises to help with ensuring the safety of online transactions and of personal information exchanged over the Internet, and even with protecting your computer when browsing websites.

The new standard is, in full, ISO/IEC 27032:2012, Information technology - Security techniques - Guidelines for cybersecurity. Unfortunately, it costs money, and I tend to feel that standards-based security management is so important to eCommerce that some way should be found to remove the cost barriers to wider dissemination of the ISO/IEC 27000 standards. Although, I suppose, a counter-argument is that people don't value what they get for nothing.

Anyway, at the very least, ISO/IEC 27032:2012 should help to ensure that everyone involved in what is potentially a 'cybersecurity hype bubble' is singing from the same hymn sheet. Will it make cyberspace safer? Well, no, not in itself, as that is an implementation issue, and it needs vision, management and insight from the people in an organisation. However, judging by previous ISO/IEC 27000 standards, it should help a security-aware management to bring its information security management system up to date for the emerging cyber-risks, provided that its risk/threat analyses show that cyber-risks are actually real issues for the organisation.


Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761