ISO/IEC AWI 27102

Information security, cybersecurity and privacy protection — Guidelines for applying ISO/IEC 27001 and related standards in support of cyber insurance

Апстракт

This document provides guidelines when considering purchasing cyber-insurance as a risk treatment option to manage the impact of a cyber-incident within the organization’s information security risk management framework, as well as leveraging the organization’s ISMS when sharing relevant data and information with an insurer.
This document gives guidelines for:
a)  considering the purchase of cyber insurance as a risk treatment option to share cyber risks;
b)  leveraging cyber insurance to assist in managing the impact of a cyber incident;
c)  sharing of data and information between the insured and an insurer to support underwriting, monitoring and claims activities associated with a cyber insurance policy;
d)  leveraging an ISMS when sharing relevant data and information with an insurer.
This document is applicable to organizations that intend to purchase cyber insurance, regardless of type, size or sector.