Industry experts estimate that annual losses from cybercrime could rise to USD 2 trillion by next year1). With countless new targets added every day, especially mobile devices and connected “things”, a joined-up approach is essential.
The attraction of cybercrime to criminal hackers is obvious: tangled webs of interactions, relatively low penalties, disjointed approaches on money laundering and potentially massive payouts. The key is preparation and seeing vulnerabilities, and resilience, in terms of interactions with overall management systems, and that’s where information security management systems (ISMS) standard ISO/IEC 27001 comes in.
This is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago. Developed by ISO/IEC JTC 1, the joint technical committee of ISO and the International Electrotechnical Commission (IEC) created to provide a point of formal standardization in information technology, it has been constantly updated and expanded to include more than 40 International Standards covering everything from the creation of a shared vocabulary (ISO/IEC 27000), risk management (ISO/IEC 27005), cloud security (ISO/IEC 27017 and ISO/IEC 27018) to the forensic techniques used to analyse digital evidence and investigate incidents (ISO/IEC 27042 and ISO/IEC 27043 respectively).
These standards are not only about helping to manage information security but will also help to identify and bring criminals to justice. For example, ISO/IEC 27043 offers guidelines that describe processes and principles applicable to various kinds of investigations, including, but not limited to, unauthorized access, data corruption, system crashes, or corporate breaches of information security, as well as any other digital investigation.
Source: DRJ New feed