Additional support to financial services thanks to IEC and ISO
Geneva, Switzerland, 2013-04-24 – A new IEC (International Electrotechnical Commission) and ISO (International Organization for Standardization) Technical Report aims to provide additional support to the finance industry to set up an appropriate information security management system for financial services while giving more confidence to customers.
Organizations in the financial sector are moving towards more open networks and the provision of e-banking and mobile-banking services, which means they face new challenges from information security threats, such as phishing, malware or cyber-attacks.
To meet these challenges, an adequate information security management system should be adopted by these organizations to prevent and reduce the risks and impacts to financial and customer data and to ensure that an effective level of information security and privacy is offered with their products and services.
ISO/IEC/TR 27015, Information technology – Security techniques – Information security management guidelines for financial services, defines sector-specific guidance for organizations providing financial services in order to support the information security management of their assets and processed information. It is a supplement to the ISO/IEC 27001 family of standards on information security management systems.
Nadya Bartol, a member of the team of international experts that developed ISO/IEC/TR 27015, comments: “ISO/IEC 27002 is widely recognized as the baseline standard for information security in all sectors across the globe. Organizations providing financial services have a different risk profile than those in other sectors and represent natural attack targets. A high level of trust in the protection of financial and customer data is therefore crucial for them.
“At a time when the financial sector faces unprecedented focus on legislative and regulatory controls, as well as persistent cyber-attacks, ISO/IEC/TR 27015 complements ISO/IEC 27002 by providing additional information security guidelines specific to financial services organizations, to support them in managing their information security risks.”
ISO/IEC/TR 27015, Information technology – Security techniques – Information security management guidelines for financial services, was developed by ISO/IEC JTC (Joint Technical Committee) 1: Information technology, SC (Subcommittee) 27: IT Security techniques.