Knowing cybersecurity and its importance in the organization.
By Global Trust Association
24 July, 2019 | 23:07hrs
Among the wide variety of risks affecting the information security of companies, one of the most modern aspects is the interaction between people, applications, and Internet services, which also affects the security of the Internet, networks, and information technology communications. Nowadays, any company, regardless of its size, can easily fall prey to cyber-attacks or digital thieves who, without necessarily having much specialized knowledge, can obtain valuable information from the company. These attacks take advantage of various vulnerabilities, which are not necessarily technological but stem from ignorance of basic security practices, e.g. not opening emails with attachments of dubious origin, even more so when these include files of unknown origin. It is therefore important to identify the most suitable framework based on the actions that result from an adequate risk analysis.
ISO 27032 offers an approach to cybersecurity, or cyberspace security, issues in order to prioritize the most relevant IT resources or assets that need to be protected in the organization. It also offers a set of recommendations for addressing these cybersecurity issues with a more specific and detailed approach than the one provided by Annex A of ISO 27001 and ISO 27002. Information security, and especially cybersecurity as a whole, is a very common problem nowadays that demands extreme care; concrete actions are therefore required to treat and mitigate it from a risk approach. For this reason, the technical implementation of ISO 27032 at strategic points makes it possible to strengthen the security of networks, the Internet, and applications, in order to address the risks of social engineering attacks, secret and unauthorized access to computer systems (hacking), proliferation of malicious software (“malware”), spyware, and other types of potentially undesirable software.