ISO/IEC TR 27015:2012 - Information technology — Security techniques — Information security management guidelines for financial services

ISO/IEC TR 27015 amplifies and extends some of the recommendations in ISO/IEC 27002 for financial services organizations - for instance, recommending in section 6.2.2 that security awareness activities should cover customers, not just employees. It gives examples of the kinds of awareness message that, say, a bank would be well advised to broadcast to its employees e.g. concerning identity thieves’ use of keylogging Trojans, phishing and social engineering to steal login credentials from customers’ systems.
Overall, the additional guidance in ISO/IEC TR 27015 may not be revolutionary but it is a useful prompt to go beyond the basics suggested in ISO/IEC 27002 in a few areas.