Organizations in the financial sector are moving towards more open networks and the provision of e-banking and mobile-banking services, which means they face new challenges from information security threats, such as phishing, malware or cyber-attacks. To meet these challenges, an adequate information security management system should be adopted by these organizations to prevent and reduce the risks and impacts to financial and customer data and to ensure that an effective level of information security and privacy is offered with their products and services.
ISO/IEC TR 27015:2012, Information technology – Security techniques – Information security management guidelines for financial services, defines sector-specific guidance for organizations providing financial services in order to support the information security management of their assets and processed information. It is a supplement to the ISO/IEC 27001 family of standards on information security management systems.
Nadya Bartol, a member of the team of international experts that developed ISO/IEC TR 27015, comments: “ISO/IEC 27002:2005 is widely recognized as the baseline standard for information security in all sectors across the globe. Organisations providing financial services have a different risk profile than those in other sectors and represent natural attack targets. A high level of trust in the protection of financial and customer data is therefore crucial for them. At a time when the financial sector faces unprecedented focus on legislative and regulatory controls, as well as persistent cyber-attacks, ISO/IEC TR 27015:2012 complements ISO/IEC 27002:2005 by providing additional information security guidelines specific to financial services organisations for supporting them in managing their information security risks.”
ISO/IEC TR 27015:2012, Information technology – Security techniques – Information security management guidelines for financial services, was developed by ISO technical committee ISO/IEC JTC 1, Information technology, subcommittee 27, IT Security techniques. It costs 92 Swiss francs and is available from ISO national member institutes (see the complete list with contact details) and from ISO Central Secretariat through the ISO Store or by contacting the Marketing, Communication and Information department.