International Standards and Conformity Assessment for all electrical, electronic and related technologies

May 2013

 

Financial e-security gets tougher

Janice Blondeau

A new IEC and ISO Technical Report enables information security management systems to better manage risks.

A changing environment

As financial organizations use more open networks, e-banking and mobile-banking services, they face new challenges from information security threats. Threats such as phishing, malware and cyber-attacks are becoming more and more frequent and users increasingly need to protect assets and data. To meet these challenges they need a robust information security management system which reduces the risks to financial and customer data.

Sector-specific guidance for banks and financial institutions

A new IEC and ISO (International Organization for Standardization) Technical Report, ISO/IEC/TR 27015, aims to provide additional support to the finance industry to set up an appropriate information security management system for financial services. At the same time it will provide more confidence to customers.

Greater protection of assets and data increases customer confidence

ISO/IEC/TR 27015, Information technology – Security techniques – Information security management guidelines for financial services, defines sector-specific guidance for financial services organizations to support the information security management of their assets and processed information. It is a supplement to the ISO/IEC 27001 family of standards on information security management systems.

Unique information security needs

Nadya Bartol, a member of the team of international experts that developed ISO/IEC/TR 27015, comments: “ISO/IEC 27002 is widely recognized as the baseline standard for information security in all sectors across the globe.”

 

“Organizations providing financial services have a different risk profile than those in other sectors and represent natural attack targets. A high level of trust in the protection of financial and customer data is therefore crucial for them.

Complementary to ISO/IEC 27002 on IT Security techniques

“At a time when the financial sector faces unprecedented focus on legislative and regulatory controls, as well as persistent cyber-attacks, ISO/IEC/TR 27015 complements ISO/IEC 27002 by providing additional information security guidelines specific to financial services organizations, to support them in managing their information security risks.”

 

ISO/IEC/TR 27015, Information technology – Security techniques – Information security management guidelines for financial services, was developed by ISO/IEC JTC (Joint Technical Committee) 1: Information technology, SC (Subcommittee) 27: IT Security techniques.

 

 

  • The financial world faces new challenges from information security threats
  • ISO/IEC/TR 27015 aims to provide additional support to the finance industry to set up an appropriate information security management system
  • It defines sector-specific guidance for financial services organizations

 

 
