Using IT exposes a company to new dangers and risks. These have to be reduced without making the security measures more complex and expensive than the acceptable risk justifies. IT security standards are part of this IT security management.
Benefits of standards
By introducing standardized and already proven processes and procedures, sustainable cost reductions and resource savings can be achieved. Because some standards are widely known, they also lead to better cooperation between individual subdivisions and companies.
Since standards are based on the state of the art in technology and science and are constantly being further developed, the introduction of such standards results in an appropriate level of safety that a certification will also make visible.
Last but not least, proof through appropriate certifications also strengthens customer confidence and can help improve the company's image.
Security for industrial automation and control systems
IEC 62443 describes a family of standards in the area of Industrial Automation and Control Systems (IACS). In recent years, this family has become a trend-setting standard for industrial security. It covers all the different areas and roles of IACS. The standard distinguishes between manufacturers of individual components (IEC 62443-4-1 & IEC 62443-4-2), machine and plant manufacturers (IEC 62443-2-4 & IEC 62443-3-3) and the operator of the machine or plant (IEC 62443-2-1, IEC 62443-2-3 & IEC 62443-1-3).
Information technology — Security techniques — Information security management systems — Requirements
ISO 27001 deals with information security in companies, non-profit organizations and public institutions on the basis of an information security management system (ISMS). In addition to operating an ISMS, the standard deals with the analysis and handling of information security risks. Thus, the ISO 27001 standard offers companies a structured approach to protect their data and its confidentiality.