Guest user Created: Jan 12, 2016 Last commented: Jan 12, 2016

Cyber Security - ISO 27001

I note that within the new ISO 27002 Code of Practice, there are no controls for cyber security. With this in mind, would the mitigation of cyber security be addressed with network architecture kept under review and implemented, use of IDS/IPS with their configuration kept up to date for access requirements, firewalls maintained correctly, policies & procedures and maintaining a proactive posture.

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

I have downloaded a copy of your book 9 steps to cyber security - Excellent reading.

Answer:

This is correct, cyber security is not explicitly mentioned in ISO 27001 nor ISO 27002. And you are correct, the IT controls you mentioned should be used to protect your information systems from cyber threats. However, as I mentioned in my book 9 Steps to Cybersecurity, IT security is not going to be enough - other organizational controls, as well as human resources management controls (e.g., training & awareness) are also needed.

This art icle may also help you: What is cybersecurity and how can ISO 27001 help? https://advisera.com/27001academy/blog/2011/10/25/what-is-cybersecurity-and-how-can-iso-27001-help/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community