UNLIMITED FREE
ACCESS TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

ISO/IEC 27102

Information security management — Guidelines for cyber-insurance

active, Most Current
Buy Now
Organization: ISO
Publication Date: 1 August 2019
Status: active
Page Count: 24
ICS Code (IT Security): 35.030
scope:

This document provides guidelines when considering purchasing cyber-insurance as a risk treatment option to manage the impact of a cyber-incident within the organization's information security risk management framework.

This document gives guidelines for:

a) considering the purchase of cyber-insurance as a risk treatment option to share cyber-risks;

b) leveraging cyber-insurance to assist manage the impact of a cyber-incident;

c) sharing of data and information between the insured and an insurer to support underwriting, monitoring and claims activities associated with a cyber-insurance policy;

d) leveraging an information security management system when sharing relevant data and information with an insurer.

This document is applicable to organizations of all types, sizes and nature to assist in the planning and purchase of cyber-insurance by the organization.

Document History

ISO/IEC 27102
August 1, 2019
Information security management — Guidelines for cyber-insurance
This document provides guidelines when considering purchasing cyber-insurance as a risk treatment option to manage the impact of a cyber-incident within the organization’s information security risk...

References

This document references:
ISO/IEC 27000 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
Published by ISO on February 1, 2018
This document provides the overview of information security management systems (ISMS). It also provides terms and definitions commonly used in the ISMS family of standards. This document is...
This document references:
ISO/IEC 27001 - Information technology - Security techniques - Information security management systems - Requirements
Published by ISO on October 1, 2013
This International Standard specifies the requirements for establishing, implementing, maintain and continually improving an information security management system within the context of the...
This document references:
ISO/IEC 27002 - Information technology - Security techniques - Code of practice for information security controls TECHNICAL CORRIGENDUM 2
Published by ISO on November 15, 2015
A description is not available for this item.
This document references:
ISO/IEC 27003 - Information technology - Security techniques - Information security management systems - Guidance
Published by ISO on March 1, 2017
This document provides explanation and guidance on ISO/IEC 27001:2013.
This document references:
ISO/IEC 27004 - Information technology - Security techniques - Information security management - Monitoring, measurement, analysis and evaluation
Published by ISO on December 15, 2016
This document provides guidelines intended to assist organizations in evaluating the information security performance and the effectiveness of an information security management system in order to...
This document references:
ISO/IEC 27005 - Information technology - Security techniques - Information security risk management
Published by ISO on July 1, 2018
This document provides guidelines for information security risk management. This document supports the general concepts specified in ISO/IEC 27001 and is designed to assist the satisfactory...
This document references:
ISO/IEC 27005 FRENCH - Technologies de l'information - Techniques de sécurité - Gestion des risques liés à la sécurité de l'information
Published by ISO on July 1, 2018
A description is not available for this item.
This document is referenced by:
ISO TR 21332 - Health informatics — Cloud computing considerations for the security and privacy of health information systems
Published by ISO on April 1, 2021
This document provides an overview of security and privacy considerations for Electronic Health Records (EHR) in a cloud computing service that users can leverage when selecting a service provider.
This document is referenced by:
PD ISO/TR 21332 - Health informatics — Cloud computing considerations for the security and privacy of health information systems
Published by BSI on May 31, 2021
A description is not available for this item.
This document is referenced by:
X.1061 - Cyber insurance acquisition guidelines
Published by ITU-T on August 1, 2021
This Recommendation establishes guidelines for acquiring cyber insurance from an insurer to manage the impact of a cybersecurity incident within the information security risk management framework of...
View Less
View All
Advertisement