PAS 555:2013 Cyber security risk. Governance and management. Specification


Status : Current   Published : May 2013



Information technology pervades every aspect of modern human life. We now rely heavily on cyberspace for our business and personal transactions. While this connectivity has positively changed the way organizations operate, the inevitable downside is the threat of cyber attack.

Threats to an organization’s cyber security present a critical challenge in terms of scale, complexity and impact – with business assets such as corporate and customer data, intellectual property, and brand and reputation at risk. It is crucial that an organization understands and manages its exposure to cyber security threats.

That’s why we’ve produced PAS 555:2013 Cyber security risk – Governance and management – Specification.

PAS 555 uniquely uses an outcomes-based approach to ensure enterprise confidence.

A business-led, holistic approach to cyber security

The requirements of this PAS define the overall outcomes of effective cyber security. Importantly, it considers not only the technical aspects of cyber security, but also the physical, cultural and behavioural aspects, alongside effective leadership and governance.

PAS 555 enables organizations to:

  • Focus investment in the most appropriate way
  • Minimize potential loss
  • Improve operational effectiveness and efficiency
  • Develop organizational resilience
  • Improve loss prevention and incident management
  • Identify and mitigate cyber security risk throughout the organization.

The specification applies to the whole organization and its supply chain, avoiding the dangers that can arise when the scope of security measures covers only part of the business. It can apply to any organization, large or small, commercial, not-for-profit or public sector.

How does PAS 555 fit with other related standards?

PAS 555 enables any organization to choose how it achieves the specified outcomes, whether through its own defined processes or through the adoption of other standards and management systems, such as BS ISO/IEC 27001 or ISO/IEC 20000-1. PAS 555 includes a cross-reference to major standards that are commonly used to deal with threats (these include ISO/IEC 20000-1, ISO/IEC 27001, ISO 22301 and ISO 31000).

PAS 555 was sponsored by the Cyber Alliance (comprising Cisco, Control Risks, G4S, PA Consulting Group and Symantec) and the steering group comprised 3SDL, Association of British Certification Bodies, Bird & Bird, BP, Department for Business, Innovation and Skills, King’s College London, Information Security Forum, Intellect, Leading Edge Forum, Mike StJohn Green Consulting Ltd, Roke Manor Research and The Security Institute.

Standard Number: PAS 555:2013
Title: Cyber security risk. Governance and management. Specification
Publication Date: 31 May 2013
Descriptors: Data processing, Computers, Management, Data security, Data storage protection, Risk assessment, Risk analysis, Information exchange, Business continuity, Anti-burglar measures, Computer software, Computer hardware, Computer networks
ISBN: 978 0 580 78755 3
File Size: 721 KB
