Chapter 7. Standards: What Are They and Why Should We Care?


‘People and processes are finally becoming recognized as the greater focal point for risk management efforts as technology is acknowledged to be an enabler for achieving organizational objectives, not the solution.’

 --Global Information Security Workforce Study (2001)[43]

What are standards[44]?

The International Organization for Standardization (ISO) defines standards as:


Documented agreements containing technical specification or other precise criteria to be used consistently as rules, guidelines, or definitions of characteristics, to ensure that materials, products, processes and services are fit for their purpose.

 --ISO (2002b)

With the realization that we face an uncertain security ...

Get CyberWar, CyberTerror, CyberCrime: A Guide to the Role of Standards in an Environment of Change and Danger now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.