Page 112 - Cyber Defense eMagazine August 2023
The International Organization for Standardization (ISO) is a multinational federation of standards
organizations from 168 countries around the world. It serves as a forum for members to collaborate in
the development and promotion of worldwide standards for technology, scientific testing, and working
conditions. These approved standards are then sold by the ISO to global accrediting organizations,
which issue certifications to businesses and institutions that apply for them and then ensure they comply
with these standards.
Currently, ISO 27001 is the industry’s leading standard for information security management systems.
Today, some of the world’s largest technology companies have ISO 27001 certification, including
Microsoft, Verizon, Apple, Google, Intel, and Amazon. But it’s not just for the larger, global conglomerates.
ISO 27001 can provide companies of any size with guidance for establishing, implementing, and
maintaining their systems to manage risks related to the security of the company’s data.
Additionally, ISO 27001 promotes a holistic approach to information security by vetting people, policies,
and technology. When an information security management system is implemented according to this
standard, it becomes an essential tool for risk management, cyber-resilience, and operational excellence.
According to the ISO, implementation of their 27001 standard helps organizations in multiple ways by:
• Reducing vulnerability to the growing threat of cyberattacks, and helping companies respond to
evolving security risks
• Ensuring assets such as financial statements, intellectual property, and employee data entrusted
to third parties remain undamaged, confidential, and available
• Providing a centrally-managed framework that secures all information in one place, including
paper-based, cloud-based, and digital data
• Preparing people, processes, and technology throughout an organization to face
technology-based risks and other threats
• Saving money by increasing efficiency and reducing expenses for ineffective cyberdefense
technology
The ISO standard also benefits companies by signaling to potential customers that they take
cybersecurity seriously. Certification demonstrates that a vendor is committed to constantly investing in
the infrastructure, staff, and policies needed to ensure that their customers’ data remains safe and secure.
This is especially important for businesses that provide IT or technology services to other organizations
like MSPs, SaaS vendors, or cloud hosting organizations. Also, clients working in extra sensitive
industries like healthcare and defense are often required by law to work with IT vendors who maintain
ISO 27001 certification for compliance reasons. That means certification can bolster a company’s
reputation in these sectors while opening them up to new customers and markets.
Miradore, the mobile device management company I work for, recently received its own ISO 27001
certification. Initially, we did this to show our commitment to strong cybersecurity practices and
demonstrate our commitment to protecting our customers. But we had also heard from many potential
customers that they wanted to work with us but needed an ISO 27001–certified vendor. Now, by having
this certification, we can bring in new business while ensuring that all of our customers are protected by
the industry’s leading data security practices.
Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.