According to the text, a reasonably comprehensive definition of cybersecurity is that it is

the collection of tools, policies, security concepts, security safeguards, guidelines, risk
management approaches, actions, training, best practices, assurance and technologies
that are used to protect the cyberspace environment and organization and user’s
assets. Organization and user’s assets include connected computing devices,
personnel, infrastructure, applications, services, telecommunications systems, and the
totality of transmitted and/or stored information in the cyberspace environment.
Cybersecurity strives to ensure the attainment and maintenance of the security
properties of the organization and user’s assets against relevant security risks in the
cyberspace environment. The general security objectives comprise the following:
availability; integrity, authenticity, non-repudiation, and confidentiality.

So in order to ensure that these security objectives are met, the text states that there is
an ongoing effort to develop best practices, documents, and standards that provide
guidance to managers charged with making resource allocation decisions as well as
those charged with implementing an effective cybersecurity framework. This is where
the ISO/IEC 27000 suite of security standards comes into play. Its purpose is to
promote the development of standardization and related activities to facilitate
international exchange of goods and services and to develop cooperation in the sphere
of intellectual, scientific, technological, and economic activity.

Stallings also recognizes that effective cybersecurity is very difficult, and that any
attempt to develop a personal approach to cybersecurity is an invitation to failure. The
good news is that a great deal of thought, experimentation, and implementation
experience have already gone into the development of policies, procedures, and overall
guidance for cybersecurity system management teams. A number of organizations,
based on wide professional input, have developed best-practice documents as
well as standards for implementing and evaluating cybersecurity.

In her article, Elaine Atwell finds that the ISO/IEC 27000 series performs a valuable service by establishing
international standards that security practitioners and governments alike can use to craft policy. Organizations would
do well to use the ISO/IEC principles as a starting point to patch up vulnerabilities and establish a code of practice
for our organizations and partners.