IS/ISO/IEC 27032 : 2023 Cyber Security - Internet Security - Guidelines

ICS 35.030

LITD 17

NATIONAL FOREWORD

This Indian Standard (First Revision), which is identical to ISO/IEC 27032 : 2023 'Cybersecurity - Guidelines for Internet security' issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), was adopted by the Bureau of Indian Standards (BIS) on the recommendations of the Information Systems Security And Privacy Sectional Committee and approval of the Electronics and Information Technology Division Council.

This standard was originally published in 2018 and was identical with ISO/IEC 27032 : 2012. The first revision of this standard has been undertaken to align it with the latest version, ISO/IEC 27032 : 2023.

The main changes are as follows:

a) The title has been modified;

b) The structure of the document has been changed;

c) The risk assessment and treatment approach has been changed, with the addition of content on threats, vulnerabilities and attack vectors to identify and manage the Internet security risks; and

d) A mapping between the controls for Internet security cited in 9.2 and the controls contained in ISO/IEC 27002 has been added to Annex A.

The text of the ISO/IEC standard has been approved as suitable for publication as an Indian Standard without deviations. Certain conventions are, however, not identical to those used in Indian Standards. Attention is particularly drawn to the following:

a) Wherever the words 'International Standard' appear referring to this standard, they should be read as 'Indian Standard'; and

b) Comma (,) has been used as a decimal marker, while in Indian Standards the current practice is to use a point (.) as the decimal marker.