A changing environment
As financial organizations use more open networks, e-banking and mobile-banking services, they face new challenges from information security threats. Threats such as phishing, malware and cyber-attacks are becoming more and more frequent, and users increasingly need to protect assets and data. To meet these challenges, financial organizations need a robust information security management system that reduces the risks to financial and customer data.
Sector-specific guidance for banks and financial institutions
A new IEC and ISO (International Organization for Standardization) Technical Report, ISO/IEC/TR 27015, aims to provide additional support to the finance industry to set up an appropriate information security management system for financial services. At the same time it will provide more confidence to customers.
Greater protection of assets and data increases customer confidence
ISO/IEC/TR 27015, Information technology – Security techniques – Information security management guidelines for financial services, defines sector-specific guidance for financial services organizations to support the information security management of their assets and processed information. It is a supplement to the ISO/IEC 27001 family of standards on information security management systems.
Unique information security needs
Nadya Bartol, a member of the team of international experts that developed ISO/IEC/TR 27015, comments: “ISO/IEC 27002 is widely recognized as the baseline standard for information security in all sectors across the globe.”
“Organizations providing financial services have a different risk profile than those in other sectors and represent natural attack targets. A high level of trust in the protection of financial and customer data is therefore crucial for them.
Complementary to ISO/IEC 27002 on IT Security techniques
“At a time when the financial sector faces unprecedented focus on legislative and regulatory controls, as well as persistent cyber-attacks, ISO/IEC/TR 27015 complements ISO/IEC 27002 by providing additional information security guidelines specific to financial services organizations, to support them in managing their information security risks.”
ISO/IEC/TR 27015, Information technology – Security techniques – Information security management guidelines for financial services, was developed by ISO/IEC JTC (Joint Technical Committee) 1: Information technology, SC (Subcommittee) 27: IT Security techniques.