This PAS specifies a framework for the governance and management of cyber security risk.<\/p>\n
The requirements of this PAS define the overall outcomes of effective cyber security, and include technical, physical, cultural and behavioural measures alongside effective leadership and governance.<\/p>\n
While there are many standards and guidelines available that can help tackle cyber security risk, they tend to define good practice as to how elements of effective cyber security might be achieved. PAS 555 does not specify such processes or actions \u2013 it allows any organization to choose how it achieves the specified outcomes, whether that be through the adoption of other standards and management systems, such as BS ISO\/IEC 27001, or through its own defined processes.<\/p>\n
Since the PAS 555 framework defines the outcomes of effective cyber security, it is less likely to change over time whereas the way in which the outcomes are achieved can change.<\/p>\n
The PAS is intended for any organization that wishes to establish confidence in its cyber security governance and management. It is applicable to all organizations regardless of their size, type and the nature of their business.<\/p>\n
| PDF Pages<\/th>\n | PDF Title<\/th>\n<\/tr>\n | ||||||
|---|---|---|---|---|---|---|---|
| 3<\/td>\n | Contents <\/td>\n<\/tr>\n | ||||||
| 5<\/td>\n | Foreword <\/td>\n<\/tr>\n | ||||||
| 6<\/td>\n | Executive summary <\/td>\n<\/tr>\n | ||||||
| 8<\/td>\n | 0 Introduction <\/td>\n<\/tr>\n | ||||||
| 9<\/td>\n | 1 Scope 2 Terms and definitions <\/td>\n<\/tr>\n | ||||||
| 12<\/td>\n | 3 Management structure 4 Commitment to a cyber security culture 5 Security context 6 Business architecture strategy 7 Capability development strategy 8 Supplier and partner strategy 9 Technology strategy 10 Business resilience 11 Compliance with legislation and other standards <\/td>\n<\/tr>\n | ||||||
| 13<\/td>\n | 12 Risk assessment 12.1 General 12.2 Asset management 12.3 Threat assessment 12.4 Vulnerability assessment 13 Protection and mitigation 13.1 People security 13.2 Physical security 13.3 Technical security 13.4 Resilience preparedness <\/td>\n<\/tr>\n | ||||||
| 14<\/td>\n | 14 Detection and response 14.1 External awareness 14.2 Internal monitoring 14.3 Protective monitoring 14.4 Cyber security incident management 15 Recovery 15.1 Investigation 15.2 Data integrity reassurance 15.3 Business-as-usual restoration 15.4 Legal process 16 Compliance analysis and continual improvement <\/td>\n<\/tr>\n | ||||||
| 15<\/td>\n | Annex A (informative) Achieving compliance with PAS 555 <\/td>\n<\/tr>\n | ||||||
| 21<\/td>\n | Annex B (informative) PAS 555 application scenarios <\/td>\n<\/tr>\n | ||||||
| 22<\/td>\n | Annex C (informative) Sample supplier\/partner cyber security competence assessment report <\/td>\n<\/tr>\n | ||||||
| 27<\/td>\n | Bibliography <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":" Cyber security risk. Governance and management. Specification<\/b><\/p>\n |