New cyber security standard to be created in the UK. Impact on Privacy protection.
December 1, 2013 |
The UK is looking to review the ISO27000 series standards for privacy.
The Department for Business and Innovation Skills issued a statement providing:
Businesses said that cyber security standards need to:
- be internationally-recognised
- promote international trade
- allow sytems to exchange and use information
- be auditable, like those in the ISO27000-series
Businesses also said we should balance compliance-based and outcome-based standards, whilst helping companies implement the right parts of a standard in the right parts of their business. This is what the Information Assurance for Small and Medium-sized Enterprises (IASME) and the Information Security Forum’s (ISF) ‘Standard of Good Practice’ offer.
Government will now work with industry to develop a new implementation profile, based on ISO27000-series standards.
The ‘UK Cyber Security Standards Research’ report provides a clearer overview of cyber security standards, and current and potential uptake.
The Goverment response to the preferred standards for cybersecurity was released in November 2013 (found here) and provides: