Issue 51 – July 2013
A new IEC and ISO Technical Report, ISO/IEC/TR27015:2012 Information technology – Security techniques – Information security management guidelines for financial services, aims to provide additional support to the finance industry to set up an appropriate information security management system for financial services. At the same time, it will provide more confidence to customers.
A changing environment
As financial organisations use more open networks, e-banking, and mobile-banking services, they face new challenges from information security threats. Threats such as phishing, malware, and cyber-attacks are becoming more and more frequent and users increasingly need to protect assets and data. To meet these challenges, they need a robust information security management system that reduces the risks to financial and customer data.
ISO/IEC/TR 27015 defines sector-specific guidance for financial services organisations to support the information security management of their assets and processed information. It is a supplement to the ISO/IEC 27001 family of standards on information security management systems.
Unique information security needs
Nadya Bartol, a member of the team of international experts that developed ISO/IEC/TR 27015, says ISO/IEC 27002 is widely recognised as the baseline standard for information security in all sectors across the globe. 'Organisations providing financial services have a different risk profile than those in other sectors and represent natural attack targets. A high level of trust in the protection of financial and customer data is therefore crucial for them.'
'At a time when the financial sector faces unprecedented focus on legislative and regulatory controls, as well as persistent cyber-attacks, ISO/IEC/TR 27015 complements ISO/IEC 27002 by providing additional information security guidelines specific to financial services organisations, to support them in managing their information security risks.'
Note: You can order ISO standards from www.standards.co.nz or call 0800 782 632 during business hours or email firstname.lastname@example.org. Members of Standards New Zealand receive a 20% discount on all NZS and AS/NZS standards, and a 10% discount on all international standards. Visit our membership page for more information.