"The increasingly rapid evolution and growth in the complexity of new systems and networks, coupled with the sophistication of changing threats and the presence of intrinsic vulnerabilities, present demanding challenges for maintaining the security of Information and Communications Technology (ICT) systems and networks. To minimize exposure to risks, security must be built in from the beginning when designing new architectures, not added on later as an optional feature.
In the past few years Security has moved on apace, with areas such as Cybersecurity, Cloud, Mobile, Machine to Machine producing more requirements. We have seen demands placed by the growing threat of criminal activities and risks to critical infrastructure. Sensitivity towards the privacy of the citizen and of his data is increasing but is lagging behind the rollout of new services and applications which depend on a culture of openness and sharing.
As a response to such challenges, Security standards are essential to ensure interoperability among systems and networks, compliance with legislation and adequate levels of security. These standards provide the means for protecting the user, creating a more secure and profitable environment for the industrial sector, from SMEs to large global companies, and providing benefits for a diverse range of interest groups that include government organizations, research bodies and universities."