Data is not just information grouped on a server and hard drives. For many organizations, it forms the basis of a strategy. The commercial value of information data is huge. This can lead to serious consequences for organizations.But, fortunately, data security is a fast-growing industry. This is confirmed by the appearance of the technical specification of ISO / IEC TS 27008.
Technical specification ISO / IEC TS 27008 “Information technology – Security techniques – Guidelines for the assessment of information security controls” (2019) contains guidelines for assessing the safety, effectiveness and compliance with organizations’ goals.
This technical specification (TS) was developed in accordance with new versions of other safety management standards: ISO / IEC 27000 (general review), ISO / IEC 27001 (requirements) and ISO / IEC 27002 (set of practical rules for managing information security).This technical specification is based on the ISO / IEC 27001 standard, which imposes quality requirements, in particular the implementation and improvement of the safety management system (ISMS). Taking in service with ISO / IEC TS 27008, organizations can evaluate and, if necessary, constantly review their safety control system.
The ISO / IEC TS 27008 standard has emerged in response to the many challenges associated with a situation where cyber-attacks have become increasingly common, preventing unauthorized access — all an increasingly difficult challenge. If your organization is prone to these factors, then you already know how much an ISMS treatment costs. By using the ISO / IEC TS 27008 technical specification, you can significantly increase the effectiveness and efficiency of your organization’s ISMS.