2. Introduction
ISO (the International Organization for Standardization) and IEC (the International
Electrotechnical Commission) form the specialized system for worldwide
standardization. ISO/IEC 27032 was prepared by Joint Technical Committee ISO/IEC JTC
1, Information technology, Subcommittee SC 27, IT Security techniques. The term
ISO/IEC 27032 refers to ‘Cybersecurity’ or ‘Cyberspace security,’ which is defined
as the protection of privacy, integrity, and accessibility of information in
cyberspace. Cyberspace, in turn, is acknowledged as an interaction of persons,
software and worldwide technological services. The international standard ISO/IEC
27032 is intended to emphasize the role of the different security domains in cyberspace:
information security, network and internet security, and critical information
infrastructure protection (CIIP). As an international standard, ISO/IEC 27032 provides a
policy framework that addresses the establishment of trustworthiness, collaboration,
exchange of information, and technical guidance for system integration between
stakeholders in cyberspace.
3. Scope And Focus
The focus of this PowerPoint presentation is to address internet security issues related
to ISO/IEC 27032 and to provide technical guidance for addressing common internet
security risks.
The standard does not directly address cyber safety, cybercrime, Internet safety,
Internet-related crime or protection of critical information infrastructure. This means
the Standard will only provide a guide that will help us to ensure that our interaction
with the virtual environment of cyberspace is much safer.
In the attempt to improve the state of cybersecurity, the following dependencies will
also be satisfied by ISO/IEC 27032 effortlessly:
information security
network security
internet security
critical information infrastructure protection
4. Benefits of ISO/IEC
Protect the organization’s data and privacy from cyber threats.
Strengthen your skills in the establishment and maintenance of a cybersecurity program.
Develop best practices for managing cybersecurity policies.
Improve the security system of the organization and its business continuity.
Build stakeholders' confidence in your security measures.
Respond and recover faster in the event of an incident.
5. Main differences between ISO 27001 and ISO 27032
The main difference between ISO/IEC 27032 and ISO/IEC 27001 lies in their respective
scopes. ISO/IEC 27032 derives from and supports ISO/IEC 27001. ISO/IEC 27001 relates to
information security regardless of the nature of the asset to protect, while
ISO/IEC 27032 considers only digital assets, which are naturally included in information
security assets. Moreover, ISO/IEC 27032 focuses on information systems and
includes guidelines to prevent information leakage, to encrypt communication
channels and to make sure information will not be deciphered if accessed by
“external” people.
6. Example
Restocks Security specializes in detecting malicious network behavior and combating
crime. It follows the cybersecurity standard (ISO/IEC 27032) for its Malicious Threat
Detection (MTD) system.