ISO/IEC TR TECHNICAL 27103 REPORT First edition 2018-02 Information technology Security techniques Cybersecurity and Iso and IEC Standards Technologies de I'information - Techniques de sécurité - Gybersécurité et normes ISO et IEC Reference number IS0/IEC TR 27103:2018(E) EC ISO @ IS0/IEC 2018 IS0/IEC TR 27103:2018(E) COPYRIGHT PROTECTED DOCUMENT IS0/IEC 2018 be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either Iso at the address below or IsO's member body in the country of the requester. ISO copyright office CP 401 : Ch. de Blandonnet 8 CH-1214 Vernier, Geneva, Switzerland Tel. +41 22 749 01 11 Fax +41 22 749 09 47 [email protected] www.iso.org Published in Switzerland ii @ IS0/IEC 2018 - All rights reserved IS0/IEC TR 27103:2018(E) Contents Page Foreword iv Introduction V 1 Scope 1 2 Normative references. 1 3 Terms and definitions 1 4 Document structure. 1 5 Background. 1 5.1 General 5.2 Advantages of a risk-based approach to cybersecurity 2 5.3 Stakeholders 2 5.4 Activities of a cybersecurity framework and programme 2 .3 6 Concepts 6.1 Overview of cybersecurity frameworks. 3 6.2 Cybersecurity framework functions. 3 6.2.1 Overview 3 6.3 Identify 4 6.4 Protect. 5 Detect. 6.5 6 6.6 Respond. 7 6.7 Recover. Annex A (informative) sub-categories 9 Annex B (informative) Three principles and ten essentials of the cybersecurity for top management .20 Bibliography .23 @ IS0/IEC 2018 - All rights reserved iii