BSI, the National Standards Body, has created a new specification PAS 555 Cyber security risk – Governance and management - Specification to help organizations manage their exposure to cyber security risks.
According to the Information Security Breaches Survey 2013 carried out by BIS (The Department for Business, Innovation and Skills), the cost of the worst breach of the year appears to have significantly increased, to £35,000-£65,000 for small businesses and £450,000-£750,000 for large organizations. The data in the survey demonstrates that having robust cyber security management helps protect the business, its reputation and the bottom line.
PAS 555 offers a framework that defines the outcomes of good cyber security practice. It extends beyond the technical aspects of cyber security to encompass physical and people security aspects as well. It can work on a stand-alone basis or can be integrated with existing protocols or standards.
Central to the framework is the requirement for a cyber security risk assessment. This allows an organization to understand its cyber security risk exposure and develop a robust approach to managing that risk, according to its business context. The creation of PAS 555 arose from a need recognized by industry and also articulated in the Government’s 2011 Cyber Strategy. The PAS is sponsored and supported collaboratively by Cisco, Control Risks, G4S, PA Consulting Group and Symantec, with other key stakeholders involved in its development. The specification is aimed at the operational executive, board members and senior management, and is applicable to all sizes of organization.
Anne Hayes, Head of Market Development for Risk at BSI, says, “Many organizations today are still not aware which cyber issues are potential threats to their business. The outcomes-based approach offered by this specification helps them to identify those threats and tackle the issue of cyber security management effectively.”
Ed Savage, Cyber Security expert, PA Consulting Group, says, “To date, most cyber security related best practice has focused almost exclusively on methods and the controls. PAS 555 instead focuses on the outcomes – the aims and impacts of security processes – and helps organizations identify the areas of their business that need protecting the most.”