The international standards body ISO, together with the International Electrotechnical Commission (IEC), has brought out ISO/IEC TS 27110, Information technology, cybersecurity and privacy protection – Cybersecurity framework development guidelines. The guidelines specify how to create or refine a robust system to protect against cyber-attacks.
As many cyber security frameworks exist, with different terms and conceptual structures, the developers say that this technical specification is intended to simplify the task for both creators and users by providing an internationally agreed minimum set of concepts and definitions. This then frees up time for combatting real cyber threats, rather than getting tangled in concepts and terminology.
ISO/IEC TS 27110 is complemented by ISO/IEC TS 27100, Information technology – Cybersecurity – Overview and concepts, which defines cyber security, establishes its context in terms of managing information security risks when information is in digital form, and describes relevant relations such as how cybersecurity relates to information security.
Dr Edward Humphreys, Convenor of the ISO working group that developed the documents, said the new guidance will help industry be more effective in managing cyber-risks across our digital world. He said: “The IT security sector invests significant amounts of time and resources into complying with disparate regulations which, in the environment of finite resources, takes valuable time and resources away from actual cybersecurity activities. This will help to maximize resources to deal with combatting real-time cyber threats.
“Differences exist within individual countries and across global environments. These new technical specifications aim to provide clear guidance that will help organizations create a cybersecurity framework that is flexible in use while allowing for compatibility and interoperability across frameworks. This will contribute to alleviating these differences, while meeting stakeholder requirements, and create coherence across the industry.”