ISO has updated its guidelines for assessing information security controls, acknowledging that businesses of all sizes face a new operational threat as we move through the 21st century.
Regardless of the industry, you’re more than likely dealing in data. Your data, details of your customers, your intellectual property; you name it, it could be compromised. While security measures are becoming increasingly more sophisticated, there is still a potential risk of having your business undermined by a hack, with the subsequent loss of trust from your clients a potential disaster.
ISO 27008 Information Technology - Security Techniques - Guidelines for the assessment of information security controls, provides guidance on assessing your existing information security controls, quantifying the effectiveness of your systems, and whether or not they’re in line with your company’s objectives, and your industry.
Professor Edward Humphreys, leader of the working group responsible for developing the ISO 27008, says the standard will help organizations to prepare for what the statistics allude to as an almost certain hack in the coming years.
“In a world where cyber-attacks are not only more frequent but increasingly harder to detect and prevent, assessing and reviewing the security controls in place needs to be undertaken on a regular basis and be an essential aspect of the organisation’s business processes.”
“ISO 27008 can help give organizations confidence that their controls are effective, adequate and appropriate to mitigate the information risks the organisation faces.”
According to statistics from Cisco, in the Asia Pacific Region, 51% of companies in “suffered downtime lasting between 9-48 hours which is globally, the highest for this range of time.”
51% of those cyberattacks resulted in a loss of more than $1-million. If that breach was detected instantly, the damage on average was around $433,000, and if detecting the breach is delayed by more than a week, this figure rockets up to $1.2-million.
We’ve reported recently on a hack originating from China targeting small and medium sized businesses that was caught by Australian cyber authorities.
“Software attacks, theft of intellectual property or sabotage are just some of the many information security risk that organisations face. And the consequences can be huge.” ISO wrote on their website.
“Most organizations have controls in place to protect them, but how can we ensure those controls are enough? The international reference guidelines for assessing information security controls have just been updated to help.”