4. Explain how ISO standards are used to support cyber security (AC 2.2)

A good illustration of this is Laing O'Rourke, an international engineering company. It is based in the UK but does business in the United Arab Emirates and Australia. Laing O'Rourke was "facing increasing demand from potential clients to demonstrate it had robust information security management practices in place". Because of the company's size and the fact that it worked across several countries, it had different approaches to its information security practices. To solve this problem and meet the demands of potential clients, the company involved cyber professionals to help with its needs. The solution was to adopt the ISO 27001 standard, which took 14 months to implement. Laing O'Rourke has now unified three global regions under a single Information Security Management System (ISMS). The company is now certified, which will allow it to bid for more opportunities in any region of the world.

Another good real-world example is Telefonica UK Limited transitioning from BS 25999 to ISO 22301:2019. ISO 22301 is the standard for business continuity management. This standard helps organisations plan for a disruption, such as a cyber attack. Even though the standard is not solely about IT or cyber security, it still covers the possibility of some sort of IT disruption. By adopting this standard, your organisation will have that one extra advantage in case of a cyber attack.
