Could international standards have prevented the CrowdStrike incident

Edited version of image by David770x0 from Wikimedia Commons

IEC and ISO international standards reflect the wisdom of a broad and diverse range of experts from every corner of the world. They codify the global best practices that could have helped prevent the recent IT outage that is still affecting hospitals, airports, banks and other businesses worldwide. <_o3a_p>

Anyone following the news over the past week will know that behind the incident was a faulty update from a cyber security company. It underlines the critical importance of robust change management and testing processes in software deployment. <_o3a_p>

Analysts blame the absence of three safeguards for exacerbating the impact of the buggy software: rigorous testing, enhanced monitoring and effective communication. IEC and ISO cyber security standards address all three.<_o3a_p>

ISO/IEC 27002, for instance, provides comprehensive guidelines for information security controls, including those related to change management and software updates. It emphasizes the importance of a formal change management process, including thorough planning, risk assessment and approval of changes before implementation. <_o3a_p>

The ISO/IEC Standard recommends sandboxing: extensive testing in a controlled environment to detect any potential issues. It is easy to see how this step is crucial to prevent untested updates from causing widespread disruptions. <_o3a_p>

ISO/IEC 27002 further recommends continuous monitoring and review of systems post-update to help address any bugs quickly. It also emphasizes the vital importance of documentation of the update process and clear communication with stakeholders. <_o3a_p>

This step ensures that everyone is aware of the changes and can respond appropriately if things go go wrong <_o3a_p>

On the user end, for example, many of the affected organizations could have recovered more swiftly if they had implemented the standard. Among other things, it advises maintaining up-to-date backups and developing a recovery plan.<_o3a_p>

Back-ups and a recovery plan ensure that systems can be quickly restored to a previous stable state in case of an update failure. Implementing best practices would have allowed affected organizations to recover more swiftly from the incident. <_o3a_p>

So what is ISO/IEC 27002?

ISO/IEC 27002 supports and builds on the countermeasures set out in the world's best-known cyber security standard for IT, ISO/IEC 27001. It is designed to enable organizations of all types and sizes to manage their IT risks effectively.

ISO/IEC 27002 describes dozens of information security controls with guidelines for implementing them. In common with other IEC and ISO cyber security standards, it takes a risk management-based approach to managing people, processes, services and technology. <_o3a_p>

Central to this is the notion that trying to protect everything in equal measure is neither efficient nor sustainable. It is therefore important to identify and focus resources on securing the most valuable assets that ensure business continuity.<_o3a_p>

ISO/IEC 27001 is part of the approved process scheme that provides for the independent assessment and issuing of an international IECQ certificate of conformity for organizations that have demonstrated compliance with the relevant publications.<_o3a_p>

This provides confidence that the requirements of ISO/IEC 27001 have been met.<_o3a_p>

Many are calling it the worst cyber event in history with Microsoft estimating that over eight million computers around the world were disabled by the global IT outage. These things are always easier in hindsight but in this instance, employing best practice based on robust international standards could probably have saved the day.<_o3a_p>