ISO Standards

In today's world, our interactions with various networks are innumerable. Users must place their trust in the owners of those networks to keep their personal and identifiable data secure and private. The network owners must also protect their own assets—proprietary product information, financial details, personally identifiable information entrusted to them, and other valuable data may become targets for theft, corruption, sabotage, or other malfeasance.

To guard against these attacks, organizations must develop and implement sound cybersecurity policies. Fortunately, each organization does not need to reinvent the wheel. Standards exist to guide companies toward best practices in various aspects of policy development, as well as to comply with cybersecurity regulations in relevant jurisdictions. Professional organizations such as the Institute of Electrical and Electronics Engineers (IEEE) and the International Organization for Standardization (ISO) have published guidelines that can inform policy development. In addition, NIST has developed a framework to guide organizations in developing cybersecurity standards.

The standards are designed to address every aspect of cybersecurity. Guidelines exist regarding user accounts, internal and external communications, physical and virtual security of servers and other network equipment, audit and compliance reviews, user awareness and training, methods of addressing risks, procedures for minimizing damage in the event of a breach, and notification requirements.

A thorough investigation into the relevant and applicable standards is a critical step in the formation of cybersecurity policies for any organization.