Last reviewed 25 September 2019

The British Standards Institution has published a new report on how Standards can help companies manage the risks surrounding information security.

Entitled Controlling Vulnerability: The Role of Standards in Mitigating Cybersecurity Risk, the report considers how to “boost organisational resilience”.

Cybersecurity has come a long way since the first recorded network hacking incident in 1967, when a high school computer club in Chicago managed to access IBM’s APL network system. As the pace of digital developments has increased, so has the opportunity for cyber-attacks and data breaches. The report points out that cybersecurity is no longer the responsibility of the IT department; now every employee has a part to play in following security procedures and complying with data protection requirements.

The report looks at risks surrounding cybersecurity, such as Bring Your Own Device arrangements, the Internet of Things, protecting critical infrastructure, data privacy and human error, and also presents cybersecurity trends and statistics.

It finishes by suggesting the following key Standards for organisations to consider:

  • BS EN ISO 27001:2017 Information Technology. Security Techniques. Information Security Management Systems. Requirements

  • BS EN ISO 27002:2017 Information Technology. Security Techniques. Code of Practice for Information Security Controls

  • BS ISO 27003:2017 Information Technology. Security Techniques. Information Security Management Systems. Guidance

  • BS ISO 27005:2018 Information Technology. Security Techniques. Information Security Risk Management

  • BS ISO 27017:2015 Information Technology. Security Techniques. Code of Practice for Information Security Controls based on ISO 27002 for Cloud Services

  • BS ISO 27018:2019 Information Technology. Security Techniques. Code of Practice for Protection of Personally Identifiable Information (PII) in Public Clouds Acting as PII Processors

  • BS ISO 20000-1:2018 Information Technology. Service Management

Controlling Vulnerability: The Role of Standards in Mitigating Cybersecurity Risk can be accessed on the BSI website.