http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref2032
Cyber-attacks are among the greatest risks an organization can face. Having standards and systems in place to keep information safe has therefore never been more important than in today's digital world. This is why the ISO/IEC 27000 series on security techniques for information technology has been updated to provide organizations with that added value and confidence.
In a global survey conducted by ISACA in 129 countries, only 38 % of respondents felt they were prepared for a cyber-attack – even though 83 % believed these are among the top three threats facing organizations today. With so much personal and sensitive information being handled electronically, there is a lot at stake if it is compromised.
Prof. Edward Humphreys, Convenor of the working group responsible for ISO’s information security management systems (ISMS) standards, emphasizes, “To ensure security in today’s digital landscape, all organizations, irrespective of size, should put in place a management framework as a starting point to manage cyber risks. ISO/IEC 27001 was designed to help organizations do just that. The standard is the world’s ‘common language’ when it comes to assessing, treating and managing information-related risks.”
Below are the latest revisions and additions to the ISO/IEC 27000 series – all published in 2015 – which form part of the ISO/IEC 27001 “cyber-risk toolbox”, to help keep these risks in check.
Protecting information in the cloud (ISO/IEC 27017)
Integrated solutions for services (ISO/IEC 27013)
Detecting and preventing cyber-attacks (ISO/IEC 27039)
Audit and certification (ISO/IEC 27006)