About the Standards Blog
Reducing the risks of information security breaches with ISO/IEC 27005
Clare Naden
–July 19, 2108 - ...The newly revised ISO/IEC 27005:2018, Information technology – Security techniques – Information security risk management, provides guidance for organizations on how to wade through it all by providing a framework for effectively managing the risks.
Complementary to ISO/IEC 27001:2013, which provides the requirements for an information security management system (ISMS), ISO/IEC 27005 has recently been updated to reflect the new version of ISO/IEC 27001 and thus ensure it is best equipped to meet the demands of organizations of today.
It provides detailed risk management guidance to help meet related requirements specified in ISO/IEC 27001... “ISO/IEC 27005 provides the ‘why, what and how’ for organizations to be able to manage their information security risks effectively in compliance with ISO/IEC 27001. It also helps to demonstrate to an organization’s customers or stakeholders that robust risk processes are in place, giving them confidence that they are good to do business with.”
ISO/IEC 27005 is one of more than a dozen standards in the ISO/IEC 27000 series that make up the cyber-risk toolkit, led by the flagship ISO/IEC 27001, Information technology – Security techniques – Information security management systems – Requirements. Others in the series include those for protecting information in the Cloud, information security in the telecoms and utility sectors, cybersecurity, ISMS auditing and more...
ISO/IEC 27005 was developed by working group 1 Information security management systems of technical committee ISO/IEC JTC 1, Information technology, subcommittee SC 27, IT Security techniques, the secretariat of which is held by DIN, ISO’s member for Germany.
It is available from your national ISO member or the ISO Store.
Full Story
WPA3 Guide: A new WiFi standard
Douglas Crawford
–July 18, 2108 - We all use WiFi all the time. There are more WiFi devices in existence than there are people...
It is, therefore, a pity that WPA2, the standard used to protect data as it travels over the radio waves between your device and the router which connects it to the internet, is completely broken.
A whitepaper published in October last year demonstrated that every WPA2 connection is insecure. Thanks to the KRACK vulnerability, all unencrypted data sent over WiFi on pretty much every one of the 9 billion WiFi devices on the planet, can be easily snooped on by hackers.
And perhaps the most alarming thing at the time was that there was nothing to replace it…
It therefore comes as little surprise that the Wi-Fi Alliance has recently announced the launch of WPA2’s successor, cunningly titled WPA3. Not only does it fix the KRACK vulnerability, but it addresses many other issues with WiFi security in general that have become increasingly apparent since WPA2 was introduced back in 2004... Full Story
Linux Foundation Brings Power of Open Source to Energy Sector
Sean Michael Kerner
–July 17, 2108 - Open-source technologies have been used to transform and innovate across multiple industries, and now the Linux Foundation is bringing that power to the energy industry in an effort that could have wide-ranging benefits.
The Linux Foundation launched on July 12 its latest effort—LF Energy, an open-source coalition for the energy and power management sector...
There are four initial projects that are part of LF Energy, with more likely to be added in the coming months. The OperatorFabric is a smart assistant for system operators. The Let's Coordinate project builds on the OperatorFabric to enable operator collaboration. The Resilient Information Architecture Platform for Smart Grid (RIAPS) provides services for building effective distributed applications. The PowSyBl Framework provides reusable modular components for performance computing platforms that enable grid modeling... Full Story
China Releases Opinion Document Related to Enterprise Standards, as Part of Ongoing Standardization Reform
–July 16, 2108 - China's newly established State Administration of Market Regulation (SAMR), together with [multiple ministries] and the People's Bank of China, released a document entitled Opinions on Implementing a "Pioneer"/"Frontrunner" System for Enterprise Standards...
This latest document states that the "Pioneer"/"Frontrunner" system is designed to improve the supply of medium- to high-end products and services through the use of enterprise standards, and to support incentive policies for high-quality standards development. This provides more insight into the Chinese government's vision for enterprise standards, beyond the introduction provided in China's revised standardization law.
In looking to further China's reform of its standardization system, this "Pioneer"/"Frontrunner" system will focus on the fundamental principles of (i) being demand-oriented, (ii) openness and fairness, (iii) innovation as a driving force, (iv) relying on the market, and (v) focusing on regulations... Full Story
World Wide Web Consortium (W3C) launches Internationalization Initiative
Press Release
W3C –July 13, 2108 - The World Wide Web Consortium (W3C) announced the launch of the Internationalization Initiative to further internationalize the Web.
Internationalization ("i18n") is the design and development of applications, specifications, etc, in a way that ensures they will work well for users regardless of culture, region, or language. Web for All has long been an area of strong commitment at the W3C. From its inception in early 1998, the i18n activity has worked to enable universal access to the Web, producing an extensive range of completed and ongoing work to make the World Wide Web truly world wide. However, as the Web continues to grow, as we welcome more of our world onto the Web, we want and need to do more...Internationalization makes it possible to use Web technologies with different languages, scripts, and cultures. The W3C Internationalization activity works with W3C working groups and liaises with other organizations to internationalize the Web...
The Internationalization Initiative will attract participation in the form of stakeholders to provide expert personnel and additional funding to provide a significant boost to work in three main aspects of the internationalization continuum:
- Language enablement ensures that the Web supports the native typographic features that users around the world are accustomed to, and enables users to interact with the Web in line with long-standing print traditions.
- Developer support helps creators of specifications, of system-level tools (browsers, printers), of user-level tools (editors), to understand and implement support for international features. Plans to provide additional support include investigating ways to meet internationalization requirements in new areas of technology and tooling.
- Author support expands educational and outreach to people creating web content in their own language, as well as to companies who build or localize a large number of websites in many languages... Full Story
ACORD, Aon, and Beazley release new Cyber Data Breach Standard
Matt Sheehan
–July 12, 2108 - ACORD, the insurance and reinsurance industry data standards body, has collaborated with Aon and Beazley on the development of the ACORD Cyber Data Breach Standard, a new standard that aims to increase operational efficiency across the global re/insurance value chain...As demand for cyber coverage continues to increase, there is a growing need for streamlined, standardised cyber risk data exchange, according to ACORD...With the new Cyber Data Breach Standard, which the parties claim is an industry first, ACORD will provide a baseline for compliance and audit-related activities, which will increase operational efficiency for cyber risk stakeholders and allow solutions providers to leverage standards for increased support... Full Story
SMPTE publishes audio watermark standard to bolster ad attribution on TV, set tops and mobile
Bennett Bennett
–July 11, 2108 - The Society of Motion Picture and Television Engineers (SMPTE) has published a new standard, which uses audio watermarking technology created by Kantar Media to bind Ad-IDs to commercials and EIDR codes to pieces of programming content.
The announcement came four years after the Coalition for Innovative Media Measurement (CIMM) launched a joint initiative to create an identification standard and months after a call by marketers on brand, agency, and media sides to find ways for streamlining content identification and measurement at February’s CIMM conference in New York...
Listed as ways this new solution could optimize and enhance the industry's current experience: reduced barriers to launching more cross-platform advertising; improvement of second-screen viewing and multiscreen content discovery, enhanced automated content recognition and detection, accelerated digital content locker adoption and complete long-tail content monetization, and an enhanced ability to trigger surveys, quizzes, or coupons on mobile devices... Full Story
New SD card format will transfer at nearly a gigabyte per second
Malcolm Owen
–July 5, 2018 - The SD Association has published a new version 7.0 specification for SD cards, with updates in two areas significantly increasing the potential capacity of the future memory cards, as well as boosting the data transfer rates to almost 1 gigabyte per second.
The first major update is called "SD Express," which introduces PCIe 3.0 and NVMe 1.3 interface support to speed up connectivity between the card's memory and the device holding the card. According to the specifications, the card will be capable of transfer speeds of up to 985 megabytes per second, though it is unclear if this will apply to both read and write speeds, or just for reading data... The other update, "SD Ultra Capacity," is an expansion of available storage. While current-generation SD cards can offer a maximum capacity of 2 terabytes, the new standard advises Ultra Capacity cards can offer up to 128 terabytes of storage... Full Story
China's play for global 5G dominance - standards and the 'Digital Silk Road'
Elsa Kania
–July 4, 2018 - China is actively seeking to lead in setting technical standards across a range of emerging industries, from ultra-high voltage (UHV) transmission to artificial intelligence. Developing homegrown standards and internationalising them can enable Chinese companies to increase their market share, even dominance, globally.
China’s highly strategic approach to standardisation, including seeking greater 'discursive power' in relevant international organisations, reflects an understanding of the competitive advantage that influence in this domain can confer. The Standardisation Administration of China plans to issue the 'China Standards 2035' to promote Chinese technical standards across a range of industries... China is positioning itself at the forefront of 5G, recognising that fifth-generation mobile communications will be a vital 'information expressway' that can enhance national competitiveness. 5G promises much higher speeds, greater capacity and lower latency. Such next-generation connectivity will enable the deployment of internet of things (IoT) and AI technologies, including self-driving cars and smart cities... Full Story
Global IoT security standard remains elusive
Aaron Tan
–July 3, 2018 - The plethora of security standards and technologies being used to secure the internet of things (IoT) today could make it difficult for a global IoT standard to emerge, according to the Internet Society...Complicating matters is the fact that technology suppliers have a vested interest in advocating the use of certain technologies to secure IoT devices...
These principles are reflected in a set of enterprise IoT security recommendations released by the Internet Society this week. Among them is the need for companies to closely follow the lifecycle of IoT devices, which should be decommissioned once they are no longer updatable or secure... Full Story