The attraction of cybercrime to criminal hackers is obvious: tangled webs of interactions, relatively low penalties, disjointed approaches to money laundering and potentially massive payouts.
The key is preparation, and seeing vulnerabilities and resilience in terms of their interactions with overall management systems. That is where ISO/IEC 27001, the Information Security Management Systems (ISMS) standard, comes in.
This is the flagship of the ISO/IEC 27000 family of standards, which was first published more than 20 years ago.
Developed by ISO/IEC JTC 1, the joint technical committee of ISO and the International Electrotechnical Commission (IEC) created to provide a point of formal standardization in information technology, it has been constantly updated and expanded to include more than 40 International Standards covering everything from the creation of a shared vocabulary (ISO/IEC 27000), risk management (ISO/IEC 27005), cloud security (ISO/IEC 27017 and ISO/IEC 27018) to the forensic techniques used to analyse digital evidence and investigate incidents (ISO/IEC 27042 and ISO/IEC 27043 respectively).