Leading UK risk managers back government’s cyber risk management standard

Speaking at a roundtable organised by Commercial Risk Europe on the opening day of Airmic’s 2013 conference, a group of senior Airmic members agreed that the standard would encourage better risk practices and raise the issue of cyber risk at board level.

The UK’s Department for Business, Innovation & Skills (BIS), its Cabinet Office and The Shareholder Executive opened a consultation on the cyber security organisational standard and issued a call for evidence on 8 April.

On 30 April the group published a guidance document and a response form to help organisations and groups prepare and submit their evidence.

The final date for submission is 14 October, 2013.

The government then intends to select and endorse an organisational standard that best meets the requirements for effective cyber risk management.

“There are currently various relevant standards and guidance, which can be confusing for organisations, businesses and companies that want to improve their cyber security. We aim to offer clarity to the private sector, based on the standard that we select and choose to promote,” said BIS in a statement.

The standard forms part of the UK government’s cyber security strategy published in November 2011.

The strategy aims to encourage industry-led standards and guidance to help organisations manage the risk to their information, and to encourage companies that are good at managing information risk to make this a selling point, said BIS.

The call for evidence and subsequent selection of a preferred standard will help businesses identify what good cyber risk management looks like and select which organisational standard to invest in, it added.

The current proposal outlines requirements for a standard, its objectives, outcomes, auditable requirements and controls in ‘at least’ the following areas:

  • Network security
  • Malware prevention
  • Secure configuration of information systems
  • Monitoring
  • Removable media
  • Home and mobile working
  • Managing user privileges
  • User education and awareness
  • Incident management.

For further information on particular aspects of this call for evidence, go to [email protected].
