Expert Advice Community

Cyber Security - ISO 27001

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

I note that within the new ISO 27002 Code of Practice, there are no controls for cyber security. With this in mind, would the mitigation of cyber security be addressed with network architecture kept under review and implemented, use of IDS/IPS with their configuration kept up to date for access requirements, firewalls maintained correctly, policies & procedures and maintaining a proactive posture?

DejanK Jan 12, 2016
 
I have downloaded a copy of your book – 9 steps to cyber security -  Excellent reading.

Answer:

This is correct, cyber security is not explicitly mentioned in ISO 27001 nor ISO 27002. And you are correct, the IT controls you mentioned should be used to protect your information systems from cyber threats. However, as I mentioned in my book 9 Steps to Cybersecurity, IT security is not going to be enough - other organizational controls, as well as human resources management controls (e.g., training & awareness) are also needed.

This article may also help you: What is cybersecurity and how can ISO 27001 help? https://advisera.com/27001academy/blog/2011/10/25/what-is-cybersecurity-and-how-can-iso-27001-help/