Information assurance and standards [CIMSP]
The course is part of this learning path
You’ve heard about the importance of globalised standards in this Course, but now, it’s time to find out more about the organisations that help to achieve these standards.
World Standards Cooperation
Can you remember the two organisations that form the World Standards Cooperation? Both the IEC and the ITU work together with the ISO to create the WSC. However, it’s not just those who are responsible for maintaining standards, both new and with standing, across the globe…
National standards bodies
In addition to the standards conceived directly by ISO, others have been adopted from national standards bodies, such as the British Standards Institute (BSI). An example from an information security perspective is BS 7799; this was the pre-cursor for the internationally adopted ISO/IEC 27001. Those controls are outlined in Annex A of the Standard. There are 114 ISO 27001 Annex A controls, divided into 14 categories and 27002 standards (IAAA Identification Authentication Authorisation Accountability).
The ISO and IEC together
One of the services this collaboration provides is that the ISO/IEC 27005 gives guidance for information security risk management, which is a useful standard for an organisation to adopt if a risk management methodology isn’t already in place. Rather than specifying the risk analysis method, it specifies the process for analysing risks, leading to the creation of a risk treatment plan.
The British Standards Institution (BSI)
There’s also the BSI, which is a service organisation that produces standards across a wide variety of industry sectors. Its codes of practice and specifications cover management and technical subjects ranging from business continuity management to quality requirements. Like CE kite marks on products.
When it comes to creating security features within your own services, these organisations are there to provide you with the guidance and experience to ensure that you make decisions that adhere to the standards. But that is not all, they will also keep you and your organisation safe. Next up, you’ll be reading about how local standards within your own organisation do a similar thing.
In this course on Malicious software, you will learn about the various types of Malicious code in detail, contrast the different types before looking at the countermeasures used to combat them. You’ll also encounter non-technical controls, and our expert Mark will show you the OWASP top ten security threats.
A world-leading tech and digital skills organization, we help many of the world’s leading companies to build their tech and digital capabilities via our range of world-class training courses, reskilling bootcamps, work-based learning programs, and apprenticeships. We also create bespoke solutions, blending elements to meet specific client needs.