Advances in technology are sometimes marked by a paradox. On the one hand, technology helps to provide the constant and immediate access to information that today’s users demand, on the other, each technological development in this field comes with an equal or greater challenge to protect information and other resources.
Worldwide companies are using ISO 27000 series standards or the well known NIST series of standards to secure their valuable assets and data. Implementing those standards is difficult and maintaining those standards is even more difficult.
A question is how to compare your cyber security status against colleague companies in your industry sector (e.g. utilities, banking- and telecom sector).
Knowing the status of your cyber security is getting more and more important in this connected world.
Benchmarking ISO 27000 is a powerful management tool because it overcomes “paradigm blindness”.
Paradigm blindness can be summed up as the mode of thinking. “The way we do is the best, because this is the way we have always done it” Benchmarking ISO 27000 encourages a company to become open to newmethods, ideas, processes, and practices to improve effectiveness, efficiency and performance. It helps crack through resistance to change by demonstrating other methods of solving problems than the one currently employed, and demonstrating that they work, because they are used by others. The benefits of benchmarking are to create a feeling about how you are performing against regulations, agreed standards in the sector and, comparison against colleague companies in the sector.
No company wants to be the weakest link. Comparison gives the opportunity to learn from others in the sector. Why did the other score better in a certain security section? We can help you to determine
these questions and provide the answers. The results provide answers to the following key questions:
- Gain an independent perspective about how well are we performing compared to other companies
- Gives us insight information on our cyber security status
- Clearly identify specific areas of opportunity
- Validate assumptions
- Prioritize improvement opportunities
- Set performance expectations
- Monitor company performance and manage change
Integrating benchmarking ISO 27000 into the organization will result in valuable data that encourages discussion and sparks new ideas and practices.
However, the approach to benchmarking ISO 27000 can be just as important as the data. The most successful companies incorporate benchmarking into the culture by engaging key decision makers and personnel throughout the process.
Companies who benchmark ISO 27000 their performance report the following benefits:
- Identifies specific problem areas and eliminates guesswork
- Builds confidence when "gut feel" assumptions are validated
- Helps to prioritize improvement opportunities
- Shifts internal thinking from "inputs" to "outputs" (i.e. measures)
- Serves as an excellent baseline "report card"
- Makes it easier to increase performance expectations and "raise the bar"
- Creates a sense of competitiveness and a real desire to improve
- Challenges people to "work smarter" instead of "working harder".
There is widespread awareness of the importance of securing information systems. Shortly after the inception of the World Wide Web, various worms, Trojan horses, viruses and tools were developed to exploit weaknesses in information systems. Since then it has been a cat‐and-mouse game played by security officers and attackers. However, with the introduction of new technologies within organizations and infrastructures, new potential vulnerabilities arise and should be addressed. Because of the potentially high impact of a successful attack on the electric grid, it is highly important that new smart grid technologies are secure.
By Hans Baars
Want to know more?
Title: Foundations of Information Security Based on ISO27001 and ISO27002
Author: Hans Baars & Jule Hintzbergen & Kees Hintzbergen & Andre Smulders
Languages: English or Dutch