Risk & resilience in security systems

Challenging emerging risks with best practices

Learn how standards create a culture of resilience

Article

Data, security and risk: Taking a standards-based approach

Across the globe, the pandemic has made significant social and economic impacts, which has caused long-term changes to working culture and consumer behaviour and has heightened other serious risks for the industry. Amongst these risks, cybersecurity has proved to be one to look out for. During the past few years, reports of cybersecurity incidents and attempted data breaches have increased drastically. The rise of hybrid working and the trend towards the digitization of services e.g., retail banking, have meant that individuals, businesses, and institutions are relying more heavily on digital networks for all aspects of communication and operation. As usual, cybercriminals have been quick to try and take advantage of this greater vulnerability. Unfortunately for a large organization with a regional, national, or even international reputation, a single information security incident can have a significant impact on brand perception and consumer trust. Once data is lost or stolen, even if the breach is caused by a mistake, the consequences can be long-lasting. Organizations risk financial loss, fines, and reputational damage. Operations are often disrupted too, and if any intellectual property is compromised, competitors may be able to access critical information to erode a brand’s competitive edge. The Importance of Information Security Standards A standards-based strategic approach to information security protocols pays dividends – particularly in uncertain times. It helps larger organizations secure varying operational and geographical priorities, as well as ensuring that an increasingly dispersed and home-based workforce becomes a cybersecurity advantage, rather than a risk. Executives can use information security standards to better understand information security risk levels, consulting BS EN ISO/IEC 18045:2020, which outlines a methodology for evaluation, and BS EN ISO/IEC 15408-3:2020, for evaluation criteria and assurance components for IT security. With benchmarking complete, executives can use BS EN ISO/IEC 27001 to design a bespoke information security management policy. This standard provides a systematic framework to counter an array of evolving cybersecurity threats. Importantly for larger companies, it highlights the requirement for a holistic approach to information security management. Documented, company-wide policies based on international standards will enable leaders to instill the right awareness and vigilance amongst employees. They should prioritize education and training for all, regardless of department. To learn more about how standards help organizations to manage their security requirements, click here. Other information security standards in the ISO 27000 series are also very helpful – particularly when ensuring that staff understands their responsibilities. BS EN ISO/IEC 27002:2022, for example, provides a code of practice for information controls, which is useful for corporations with homeworking teams across multiple locations. With a strong foundation in place, executives can then consult BS EN ISO/IEC 27014:2020 for guidance on key concepts, objectives, and processes for the top-level governance of information security. It sets out roles and responsibilities for executive management and boards of directors, helping them to make timely decisions in support of their business objectives. Meanwhile, the proper storage of organizational, customer, and stakeholder data are a vital consideration for legislative compliance and reputational safety. Cloud-based services are ubiquitous, and every company should have specific storage policies. Thankfully, there are some well-established standards for managers to use in this area. BS ISO/IEC 27017:2021 provides enhanced controls for both cloud service providers and their customers. This is important when defining precise roles and responsibilities and ensuring that all cloud storage relationships are as secure as possible. Legislation around personal data, and its secure management, has made the headlines in recent years, with the introduction of regulations like GDPR in Europe. BS ISO/IEC 27701:2025 provides a common set of concepts with which organizations can tackle personal data protection, and better demonstrate compliance. Beyond this, modern supply chain operations demand secure information exchange and storage capabilities to maintain trust and confidence between partners. Organizations can use BS ISO/IEC 27036-1:2014 to provide an overview for information security within supplier relationships, and BS ISO/IEC 27036-3:2013, which outlines related guidelines for supply chain security. All the information security standards we’ve highlighted here underscore the importance of frequent monitoring, benchmarking, and continued improvement. Effective information security is an ongoing process and no organization can afford to become complacent – the nature and complexity of external threats are constantly evolving. Implementing international standards demonstrates an organizational commitment to the highest levels of information security. This is vital in the current climate of uncertainty and tentative economic recovery. A standards-based approach enables companies to mitigate risk and reduce the overall impact in the event of any incident. The BS EN ISO/IEC 27000 series and over 100,000 more internationally recognized standards are available with a BSI Knowledge subscription which can help build a culture of digital trust in your business. Our tailored subscription service provides flexibility, access, visibility, and control over the standards and insights your educational institution needs to achieve cybersecurity. Build your own custom collection of standards and keep updated with any relevant changes to your cybersecurity strategy. Request to learn more. Ensure your organization is implementing information security management best practices by adding these information security standards to your collection today.