Covid-19 shows the importance of a systemic approach to information and cybersecurity. Certification of information and cybersecurity validates efforts and is the basis for a unified understanding of one of the most important necessities of the digital ecosystem.

Even before the outbreak of Covid-19 at the beginning of 2020, cybersecurity had become one of the most important topics for all industries and companies around the globe, and it regularly tops CEOs' what-keeps-you-up-at-night surveys.

Securing assets, ensuring the integrity of supply chains, ensuring the security and validity of relevant processes and, first and foremost, meeting the demand for secure products from users in industry as well as the private sector have become of utmost importance in our ever more interconnected world. To tackle these challenges, multiple systemic approaches are available to stakeholders of every size and industry. Solutions range from self-assessments and internal audits to third-party audits and validation via certification.

By now, many cybersecurity certification schemes have been developed worldwide, ranging from component security to process and organizational security and various levels in between. One of the core components of a holistic cybersecurity strategy is an information security management system (ISMS), which can be certified in accordance with the international standard ISO 27001:2017 and may be further enhanced with segment- and technology-specific certification schemes such as ISO 27011, ISO 27017, ISO 27018, ISO 27701 and others.

Whilst certification is not a one-key-for-all-locks solution, organizations, products and people may benefit from it, as it makes cybersecurity tangible and comparable and therefore a more widely accepted and understood tool for companies of all industries and sizes. ISO 27001:2017 has a big advantage: it is a very widely used and understood standard that provides a good common set of cybersecurity-focused requirements.

It is important to understand that an ISMS in accordance with ISO 27001 is not an out-of-the-box solution and may be customized and adjusted to specific organizational circumstances. The key requirements of the standard, such as management commitment, tracking and measuring, continual improvement and disaster recovery plans, should of course always be taken into account in any organization.

To put things into context, an ISMS should be seen as a way to continually improve organizational cybersecurity rather than as a burden. Certification via a third party may be seen as a method to standardize cybersecurity globally and to validate efforts. Certification helps to show the outside world that one of the most important necessities of our globalized world – cybersecurity – is tackled professionally and in accordance with continually evolving, internationally accepted standards.

Our understanding of the “new normal” should incorporate a deep understanding of the importance of information and cybersecurity. Implementing an ISMS may become the initial milestone towards a more secure world in the 21st century for industry and the private sector.

By Marcello Walz, Global Business Line Manager Cybersecurity, TÜV SÜD Management Service GmbH, and co-lead of the Charter of Trust Principle 7 Taskforce
