Download the full outcome
Detail of outcome
Businesses said that cyber security standards need to:
- be internationally-recognised
- promote international trade
- allow sytems to exchange and use information
- be auditable, like those in the ISO27000-series
Businesses also said we should balance compliance-based and outcome-based standards, whilst helping companies implement the right parts of a standard in the right parts of their business. This is what the Information Assurance for Small and Medium-sized Enterprises (IASME) and the Information Security Forum’s (ISF) ‘Standard of Good Practice’ offer.
Government will now work with industry to develop a new implementation profile, based on ISO27000-series standards.
The ‘UK Cyber Security Standards Research’ report provides a clearer overview of cyber security standards, and current and potential uptake.
The government intends to select and endorse an organisational standard that best meets the requirements for effective cyber risk management. There are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security. We aim to offer clarity to the private sector, based on the standard that we select and choose to promote.
On 30 April 2013 we published a guidance document and a response form to help organisations and groups prepare their evidence for submitting.
Cyber security strategy and standards
Government published its ‘Cyber security strategy’ in November 2011. This set out our intentions to encourage industry-led standards and guidance for organisations to manage the risk to their information, and to encourage companies that are good at managing information risk to make this a selling point for their business. This call for evidence, and our subsequent selection of a preferred standard, will help businesses identify what good cyber risk management looks like and select which organisational standard to invest in.
For further information on particular aspects of this call for evidence, contact us at email@example.com.