ISO/IEC TS 27100:2020 – Information technology — Cybersecurity — Overview and concepts

Introduction

As per the standard (in fact, a technical specification):

“Cybersecurity is a broad term used differently throughout the world. This document defines cybersecurity, establishes its context, and describes relevant concepts, including how cybersecurity is related to and different from information security.

Cybersecurity concerns managing information security risks when information is in digital form in computers, storage and networks. Many of the information security controls, methods, and techniques can be applied to manage cyber risks.”

The scope of the standard

The purpose of this document is to provide an overview of cybersecurity.

Content of the standard

Several concepts about cybersecurity and cyber risk management are presented in the standard, and they are contrasted against information risk and security management.

Status

At the end of 2020, the standard was published.

Commentary

It seems that two cyber worlds exist simultaneously, on two parallel planes:

1. Vital national infrastructure: an important concern for government and defence is how to protect vital national infrastructure from terrorism, foreign powers and various other threats coming from the Internet. That’s scary! Those developing offensive capabilities in this area have a vested interest in ensuring that others do not develop their defensive capabilities; it appears that some are intentionally spreading confusion and frustrating attempts to bring clarity to this area (through this international standard, for example). It is a tactic to delay the process.
2. Internet, network and IT security are the same as they have always been: protecting digital data against deliberate attacks in general. Essentially, this is just an everyday aspect of information security. Please move on, there’s nothing to see here.

By muddying the waters rather than clarifying concepts and terminology, the standard is likely to achieve the outcome described in item 1 above.

The document runs to 17 pages, and I suspect it is destined to be relegated to the sidelines of the information superhighway, despite ISO’s desire to present it as a significant contribution to the field. There is a claim that “cybersecurity is the evolution of information security” and that the new standard “provides much-needed clarification about the differences and similarities between cybersecurity and information security”. Describing cybersecurity as the evolution of information security is strange, and I find this rather ironic for something that is supposed to provide clarity.
