Cybersecurity

ISO standards, like ISO 27001 (information security management) and ISO 22301 (business continuity management), help organizations to identify and prioritize cybersecurity resources considering business objectives, relevant information security risks, and impacts of disruptive events over business processes and services.

For example, if an organization's core business is providing software as a service, protection of source codes and users’ data may be a paramount concern related to information security, and availability of provided software during a disruptive event (e.g., loss of a datacenter) may be essential for business continuity.

Based on this information cyber security controls related to the protection of source code (e.g., secure development practices) can be justified, as well as the provision of resources related to alternative sites containing proper hardware and software to ensure a quick recovery for a disruptive event.  

For further information, see:

• What is cybersecurity and how can ISO 27001 help? https://advisera.com/27001academy/blog/2011/10/25/what-is-cybersecurity-and-how-can-iso-27001-help/
• How to achieve sustainable competitive advantage through cybersecurity https://advisera.com/27001academy/blog/2022/01/21/cybersecurity-competitive-advantage-model/
• Small business guide to cyber security: 6 steps against the data breach https://advisera.com/27001academy/blog/2015/02/09/small-business-guide-to-cyber-security-6-steps-against-the-data-breach/
• What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
• What is ISO 22301 https://advisera.com/27001academy/what-is-iso-22301/