Making the Most of ISO Standards
DXC Technology's Agnidipta Sarkar on Putting Security Standards to Use
Many companies don't understand the value of security standards and just use them as a marketing tool, says Agnidipta Sarkar, global information risk and continuity officer at DXC Technology.
"Most people don't use the ISO standards for anything other than certifications. There are few who realize the value that standards bring, but most people use it as a printout on the wall," Sarkar says in an interview with Information Security Media Group (see: The New Business Continuity Standard).
"But standards are way more than that. If used properly, the standards provide a checklist for organizations to run various facets in a manner that is practical, repeatable and predictable when it comes to reviewing output."
Sometimes, regulatory compliance can be a motivator for using standards, he acknowledges. "Many companies are implementing ISO 27001 because they are under the impression that ISO 27001 will make them compliant with GDPR [the EU's General Data Protection Regulation]," he says, portraying that view as too simplistic.
Sarkar was a speaker at ISMG's Fraud and Breach Prevention Summit in Bangalore.
In this interview, Sarkar also discusses:
- The lack of understanding of the purpose of standards;
- The advantages standards bring beyond just compliance;
- Why an integrated management system is important.
Sarkar, global information risk and continuity officer at DXC Technology, is a risk optimization thought leader with more than 25 years of experience in information security, data privacy and business continuity. He now governs one of the largest certified ISO 27001 programs, as well as one of the largest ISO 22301 certifications for business continuity.