CHAPTER 7: STANDARDS: WHAT ARE THEY AND WHY SHOULD WE CARE?
People and processes are finally becoming recognized as the greater focal point for risk management efforts as technology is acknowledged to be an enabler for achieving organizational objectives, not the solution.1
What are standards2?
The International Organization for Standardization (ISO) defines standards as:
Documented agreements containing technical specification or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose. (ISO, 2002b)
With the realization that we face an uncertain security environment, it follows that our security structures must ...