


New guidelines on cybersecurity frameworks have just been released.

As our world becomes more digitized and interconnected, the threat from cyberattacks grows with it. Organizations need secure and resilient systems and processes to protect themselves, and a cybersecurity framework is an effective way to provide them. Two new ISO guidance documents have just been released to help organizations build the best possible frameworks and stay cybersecure.

Developed in collaboration with the International Electrotechnical Commission (IEC), ISO/IEC TS 27110, Information technology, cybersecurity and privacy protection - Cybersecurity framework development guidelines, specifies how to create or refine a robust system to protect against cyberattacks.

Recognizing that there are many different cybersecurity frameworks, with widely varying lexicons and conceptual structures, this technical specification aims to simplify the task for both creators and users by providing a minimum set of internationally agreed concepts and definitions. This frees up valuable time to combat real threats to cybersecurity rather than getting bogged down in concepts and terminology.

ISO/IEC TS 27110 is complemented by ISO/IEC TS 27100, Information technology - Cybersecurity - Overview and concepts, which defines cybersecurity, sets its context in terms of information security risk management when information is in digital form, and describes the relevant relationships, including how cybersecurity relates to information security.

Dr Edward Humphreys, coordinator of the ISO expert working group that developed the documents, said the new guidance will help industry players become more effective in managing the cyber risks that are pervasive across our digital world.

"The IT security industry spends significant amounts of time and resources complying with disparate regulations that, in the finite resource environment, take valuable time and resources away from actual cybersecurity activities. This will help maximize resources to do in the face of fighting cyber threats in real time," he said.

"There are differences in every country and in all global environments. These new technical specifications are intended to provide clear guidance that will help organizations create a cybersecurity framework that is flexible in use, while enabling compatibility and interoperability between frames. This will help alleviate these differences, while meeting stakeholder requirements, and create consistency across the industry."

ISO/IEC TS 27110 and ISO/IEC TS 27100 were developed by the joint technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, Information security, cybersecurity and privacy protection, whose secretariat is held by DIN, the ISO member for Germany.

Sergio Lopera

CTO Echeck Company


Adapted from Clare Naden, ISO Org
