The Information Security Standards for Securities (ISSS) is a standard in Israel that gives organizations that issue or trade securities guidelines for managing and protecting against cyber threats. It is intended to help organizations in the securities market protect sensitive information and comply with relevant regulations and laws.
The ISSS includes guidelines and best practices for:
- Risk management
- Incident management
- Business continuity management
- Compliance with legal and regulatory requirements
The standard covers a wide range of information security-related topics, including:
- Network security
- Cloud security
- Mobile device security
- Identity and access management
- Data protection
- Compliance with regulations such as MiFID II and the Dodd-Frank Act
The ISSS is based on international standards such as ISO/IEC 27001 and is designed to help organizations establish, implement, maintain, and continually improve their information security management systems (ISMS). Organizations in the securities market are expected to comply with the standard and to demonstrate compliance through regular assessments by a qualified auditor.
The ISSS standard is mandatory for organizations operating in the securities market. Compliance with the standard can also help organizations to protect their reputation, demonstrate their commitment to information security and provide assurance to their customers and other stakeholders.