Cyber Security Tutorial


ISO - International Standard for Organization

* Abbreviation – ISO stands for International Standard for Organization; the name is derived from the ancient Greek word ísos, which means equal or equivalent. ISO develops and publishes a wide range of industrial, commercial, and proprietary standards.

* Organization – an international, non-governmental body made up of national standards bodies. It comprises 162 national standards bodies and 784 technical committees and sub-committees.

* Founded / officially established – 23 February 1947

* Headquarters – Geneva, Switzerland

Some of the well-known ISO standards are as follows:

* ISO 9001 – Quality ensures the reputation of a company, so it needs a standard; ISO 9001 was created to establish, implement, and maintain a ‘Quality Management System’ (QMS) for any company or industry of any size or capital. It is a collection of fourteen standards that describe a family of quality management standards, established in 1987 and updated every 7 years. It was last updated in 2015, and that version is still current. A quality management system prepares the organization to produce quality products and services for its target customers. It also emphasizes the top management process and continuous improvement that extends throughout the organization.

* ISO 14001 – This standard belongs to the ISO 14000 family of environment-related standards. It provides a company with an environmental management system based on the continuous improvement model PDCA (Plan-Do-Check-Act). It is very popular: over 300,000 certifications have been issued in 171 countries worldwide to companies seeking to improve their processes (it has proved to be a voluntary standard).

* ISO 8601 – An international standard that describes how dates and times are represented globally.

* ISO 6 – For the film industry, it defines camera film speed, which allows photographers to select the right film for their subject.

* ISO 9660 – Defines the file system used on compact discs; disc images in this format are known as ISO images.

* ISO 22000 – This standard is designed to support organizations working in the food industry and focuses on developing and implementing a food safety management system. The ISO 22000 family consists of multiple standards used in various organizations directly or indirectly involved with food: ISO 22001 – used for food and drink; ISO 22002 – for food manufacturing; ISO 22000:2005 – the common standard, applied independently or integrated with ISO 9001.

* ISO 50001 – One of the newest energy standards (ISO 50001:2011), it helps reduce an organization's energy footprint by reducing greenhouse gas emissions and energy costs. It was created to handle energy management systems in an organization and improve energy usage and efficiency. According to the Office of Energy Efficiency & Renewable Energy, this standard has reached over 5000 certifications, a 234% increase in certifications over recent years. It helps companies improve the standards of their business processes.

* ISO 20000 – Every business uses information technology, so this standard has proved vital for every organization that wants to deliver effective IT service management independently. IT is a fundamental element of doing business and affects operations such as how you operate and communicate.

* ISO 31000 – This standard manages risk effectively for an organization in any field. It was designed in 2009, eliminated the need for many industry-specific standards, and handles risk management systems. With this standard, risks or threats are identified and resources are effectively allocated for risk treatment.

* ISO 13845 – Designed for the health care industry, it consists of a document providing standards for medical equipment. This standard does not belong to a family of standards; it was published in 2003, with a revision published in 2016. Implemented together with ISO 9000, it has provided over 25000 certifications stating that an organization is qualified to do business. It also puts a QMS in place for producing medical devices and equipment.

* ISO 26000 – A relatively new standard focused on social responsibility in the workplace. It guides businesses and employees to operate in a socially responsible manner by explaining their social duties. With the help of this standard, organizations set up an effective system for activities tied to corporate social responsibility goals.

* ISO 20121 – Established in 2012, this standard covers event sustainability, with requirements that help businesses and individuals improve the sustainability of their event-related activities.

The ISO 27000 series comprises 60 standards addressing information security issues; some of them are described here:

* ISO 27000 – The ISO 27000 standard was created to handle the security and protection of information technology in a company. It was started in 2005 (with two basic standards, ISO 27001:2013 & ISO 27002:2013). As a broad standard with several versions, it has provided over 22000 certifications worldwide.

* ISO 27001 – This standard is a specification for an ISMS (information security management system), designed to replace the old BS7799-2 standard. Organizations recommend and use this standard for certification, and it can be customized to fit an organization's needs.

* ISO 27002 – The new version of the original ISO 17799 standard, also known as BS7799-1. It consists of guidelines for implementing an SGSI (the Spanish acronym for an ISMS, as used below) with 114 controls structured in 14 domains and 35 control objectives. It is a technical document that lays down a code of practice and focuses on each individual control.

* ISO 27003 – Offers new guidance for successfully implementing the information security management system and the SGSI process.

* ISO 27004 – Includes controls aligned with ISO 27002 and covers measurement and metrics for information security management systems, with correct definition and correction of metrics.

* ISO 27005 – Handles the risk department in an industry, covering information security risk management.

* ISO 27006 – Consists of guidelines for the accreditation of organizations that offer information security management system certification against ISO/IEC 27001.

* ISO 27007 – Offers a guide that establishes procedures for conducting internal and external audits to verify and certify an ISO/IEC 27001 implementation.

* ISO 27008 – To review ISMS control adequacy, this standard defines how to evaluate whether ISMS controls effectively mitigate risks.

* ISO 27009 – Includes requirements and additional controls for the ISO 27001 standard that apply in specific sectors, aiming to make implementation more effective.

* ISO 27010 – Applies to telecommunication organizations and covers how information should be treated when shared among multiple organizations, in particular sharing information about what risks can arise and what controls can mitigate them, especially for security management in critical infrastructure.

* ISO 27011 – Indicates how a telecommunication organization can efficiently implement, maintain, and manage SGSI controls.

* ISO 27013 – Establishes a guide for organizations that implement both the ISO 27001 standard (SGSI) and the ISO 20000 service management system (SGS) in an integrated way.

* ISO 27014 – Establishes principles for information security governance, so that organizations can monitor, evaluate, and communicate information security activities.

* ISO 27015 – Provides principles for implementing an SGSI in companies responsible for financial services such as banking or electronic banking.

* ISO 27016 – Designed to support the management of organizations by helping them make economic decisions related to information security management.

* ISO 27017 – Consists of 37 specific controls, based on the ISO 27002 standard, for cloud services.

* ISO 27018 – Addresses cloud computing for third parties that implement procedures and controls to protect data in an organization; it complements the 27001 and 27002 standards.

* ISO 27019 – A guide for applying an SGSI to energy-related issues in the industry, based on the ISO 27002 standard.

* ISO 27031 – Covers IT disaster-related activities and recovery programs in an organization or industry.

* ISO 27037 – Addresses the collection and protection of digital evidence.

* ISO 27040 – Addresses data storage security.

* ISO 27799 – Useful for health care industries that require HIPAA compliance for information security.

Difference between ISO and ISO Standards

ISO – An international, non-governmental federation consisting of multiple standards bodies covering more than 160 countries (one standards body representing each member country).

ISO standards – The main product of ISO. These internationally agreed-upon specifications define the best way of carrying out a specific activity in an organization within set constraints, i.e., the rules and regulations to follow.

Conclusion

Various ISO standards are defined for particular business sectors, and they can also be applied to non-business organizations. These standards stay effective by being revised at regular intervals to adapt to changes in our environment, social attitudes, technology, and legislation.