ISO announce new ICT security standard to improve Business Continuity resilience

ISO security standards and Business Continuity
 
 
The International Standards Organisation (ISO) has released a new set of international guidelines to help protect and ensure the security of information and communication technologies and boost Business Continuity capabilities.
 
ISO/IEC 27031:2011 is aimed at all organisations regardless of their type, size and complexity and it is hoped that through the adoption of the standard greater resilience against hacking, denial of service and malware attacks will be seen.
 
The ISO guidelines  provide close connection with the business continuity process and will help management integrate planning and address both core and emerging risks.  In addition,  the ISO/IEC 27031:2011 guidelines helps identify key activities that provide the opportunity to improve and develop the organisations  preparedness for disruptions and  improve their capacity to recover quickly,  and thereby  mitigating the impact and severity of the risk. 
 
Information and Communication Technologies are now at the core of most organisations critical activities across virtually all sectors.  Over the past few years significant concerns have been raised by a number of agencies concerning the general security of ICT  systems and there has been extensive reporting around the increased use of cyber attacks by numerous groups.
 
The announcement  of this ISO standard comes following numerous warnings that have been made by intelligence services in a number of countries concerning what has been termed as cyber warfare. 
 
Commenting on the standard, committee member Prof. Edward Humphreys, said “The business environment is constantly changing – along with threats to a company’s survival. Organisations need to be ahead of the game, and an excellent defence can be built around risk-based information security management system (ISMS) founded on ISO/IEC 27001, together with business continuity management processes based on ISO/IEC 27031.”
 
ISO/IEC 27031:2011 provides  and internationally recognised framework described in the principles and concepts needed to develop ICT  resilience and provides guidelines detailing the methods and processes needed. These cover aspects such as the performance criteria, design and implementation phases in a  clear and consistent way.