{"id":4714,"date":"2011-10-25T13:01:33","date_gmt":"2011-10-25T13:01:33","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/27001academy\/blog\/011\/10\/25\/what-is-cybersecurity-and-how-can-iso-27001-help\/"},"modified":"2024-12-21T16:18:53","modified_gmt":"2024-12-21T16:18:53","slug":"what-is-cybersecurity-and-how-can-iso-27001-help","status":"publish","type":"post","link":"https:\/\/advisera.com\/27001academy\/blog\/2011\/10\/25\/what-is-cybersecurity-and-how-can-iso-27001-help\/","title":{"rendered":"What is cybersecurity and how can ISO 27001 help?"},"content":{"rendered":"<p>Every time I speak to someone about cybersecurity I hear rather different definitions of what it actually is \u2013 but at least the general idea is pretty much the same. However, when it comes to the question of how to achieve it, opinions differ sharply.<\/p>\n<p>This topic has become so hot lately that even President Obama dedicated a speech to it in 2009 (I must admit, the best explanation of cybersecurity I&#8217;ve ever heard).<\/p>\n<h2>Cybersecurity definition<\/h2>\n<p>So what is cybersecurity? I think this short definition from Techtarget.com is the most appropriate: \u201cCybersecurity is the body of technologies, processes and practices designed to protect networks, computers, programs and data from attack, damage or unauthorized access.\u201d<\/p>\n<p>Just to note here \u2013 cybersecurity is not exactly the same thing as information security. Information security is a discipline that doesn&#8217;t take care only of digital information, but also of information in other media \u2013 paper documents, etc. Therefore, cybersecurity is a subset of information security, although in today&#8217;s world cybersecurity takes up a major part of information security.<\/p>\n<p>How can cybersecurity be important to you? Can you imagine doing your business without IT infrastructure? 
Your most sensitive information is (most probably) archived on your IT systems \u2013 what would happen if they were compromised? How would you communicate with your clients without e-mail, website or phone?<\/p>\n<p>One could argue that nowadays companies are all about information \u2013 although I do not agree completely with that statement, it does show the reliance of modern organizations on information. Information that is primarily stored in digital form.<\/p>\n<h2 style=\"padding-top: 10px; padding-bottom: 10px;\">Connection with ISO 27001<\/h2>\n<p>According to the above definition, cybersecurity is all about policies, procedures, processes, applying technology in a secure way, etc.<\/p>\n<p>When thinking about this, the first thing that comes to mind is \u2013 it sounds complex! Is it really possible to carry out all that is required, and not to forget something? I would say it is, but you need to find a framework to achieve such a comprehensive task. <a href=\"https:\/\/advisera.com\/27001academy\/what-is-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">ISO 27001<\/a>, a leading international standard that defines how to manage information security, has lately been emerging as the leading framework to protect your digital assets. 
It is already very popular in Europe and East Asia, and is gaining more and more popularity in North and South America.<\/p>\n<p>Click here to read about <a href=\"\/27001academy\/what-is-iso-27001\/\" target=\"_blank\" rel=\"noopener noreferrer\">the basics of ISO 27001<\/a>.<\/p>\n<h2>The pros and cons of using ISO 27001 as a cybersecurity framework<\/h2>\n<p>I may be subjective about the importance of ISO 27001, but let&#8217;s take a look at how this standard can help you with regard to cybersecurity:<\/p>\n<ul>\n<li>First of all, the standard forces you to think comprehensively, so that you don&#8217;t forget some important element of your information security \/ cyber security protection.<\/li>\n<li>The philosophy of ISO 27001 is based on risk assessment \u2013 in this way it allows you not only to customize information security protection according to the needs of each particular organization, but also to focus on the most important issues. By the way, risk management is becoming more and more prevalent in managing not only financial institutions, but all kinds of for-profit and non-profit organizations.<\/li>\n<li>The standard recognizes that emphasis only on technology wouldn&#8217;t solve the problem, so it focuses on how to manage the relationship between the organization (processes, structure, policies, etc.), the people (employees, vendors, etc.) 
and the technology.<\/li>\n<li>A large portion of information security legislation in many countries is based on ISO 27001 \u2013 that means you can use this standard for resolving compliance issues.<\/li>\n<li>ISO 27001 is the only international information security standard against which an organization can get certified, proving to third parties that it is compliant.<\/li>\n<\/ul>\n<p>There are negative sides to ISO 27001, of course. The primary concern, especially among IT professionals, is that this standard doesn&#8217;t offer any guidelines on how to implement certain technology. This lack of technical detail is due to the intention of the standard \u2013 to serve as a framework within which an organization can choose the most appropriate technology.<\/p>\n<p>But for the technological details you can use other standards \u2013 like ISO 27002 (guidelines for the implementation of security controls), or NIST Special Publications (800 Series). The good thing about ISO 27001 is that it tells you where to start from, and when to use other standards for particular technology.<\/p>\n<h2>The next step<\/h2>\n<p>Of course, ISO 27001 is not the only framework you can use to implement cybersecurity \u2013 but you must choose a framework because otherwise you will be left with a headache about where to start from and what to take into account.<\/p>\n<p>So when President Obama said \u201ccyber threat is one of the most serious economic and national security challenges we face as a nation\u201d, you are lucky if you don&#8217;t have to take care of the cybersecurity of a whole nation. But you do have to take care of your company&#8217;s sensitive information, or at least of your personal information. 
And you need to find a way to do it.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Every time I speak to someone about cybersecurity I hear rather different definitions of what it actually is \u2013 but at least the general idea is pretty much the same. However, when it comes to the question of how to achieve it, opinions differ sharply. This topic has become so hot lately that even President &#8230;<\/p>\n","protected":false},"author":26,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[277,379,381,402,424],"class_list":["post-4714","post","type-post","status-publish","format-standard","hentry","category-blog","tag-risk-assessment","tag-information-security","tag-iso-27001","tag-iso-27002","tag-controls"],"acf":[],"_links":{"self":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4714","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/users\/26"}],"replies":[{"embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/comments?post=4714"}],"version-history":[{"cou
nt":1,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4714\/revisions"}],"predecessor-version":[{"id":103334,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/posts\/4714\/revisions\/103334"}],"wp:attachment":[{"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/media?parent=4714"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/categories?post=4714"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/advisera.com\/27001academy\/wp-json\/wp\/v2\/tags?post=4714"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}