GENEVA, Switzerland—The International Organization for Standardization (ISO) has issued new guidelines to help manufacturers prevent cyberattacks and other digital threats that are becoming increasingly common. ISO/IEC TS 27008 can help organizations assess and review their current controls that are being managed through the implementation of ISO/IEC 27001.
“Software attacks, theft of intellectual property or sabotage are just some of the many information security risks that organizations face,” says Edward Humphreys, leader of the ISO working group that developed the standard. “And, the consequences can be huge.
“In a world where cyberattacks are not only more frequent, but increasingly harder to detect and prevent, assessing and reviewing the security controls in place needs to be undertaken on a regular basis and be an essential aspect of the organization’s business processes,” warns Humphreys.
“ISO/IEC TS 27008 can help give [manufacturers] confidence that their controls are effective, adequate and appropriate to mitigate information risks,” claims Humphreys.
“For any organization, information is one of its most valuable assets and data breaches can cost heavily in terms of lost business and cleaning up the damage,” Humphreys points out. “Thus, controls in place need to be rigorous enough to protect it, and monitored regularly to keep up with changing risks.”
The ISO technical specification has been updated to align with new editions of other complementary standards on information security management, such as ISO/IEC 27000 (overview and vocabulary), ISO/IEC 27001 (requirements) and ISO/IEC 27002 (code of practice for information security controls).
To learn more about the cybersecurity standards, visit www.iso.org.