DDoS

13/09/2025

Author: Stuart Barker | ISO 27001 Expert and Thought Leader

DDoS (Distributed Denial of Service) attack is like a massive traffic jam on the internet. Instead of one car blocking the road, DDoS uses many computers to flood a website or online service with so much traffic that it crashes or becomes super slow. The goal isn’t to steal data, but to make the service unusable for everyone else.

Examples

  • Online Store: Imagine a hacker directs a million fake customers to an online store at the same time. The store’s servers can’t handle all the requests and shut down. No real customers can get in to buy anything.
  • Gaming Server: A rival gamer might use a DDoS attack to knock an opponent’s game server offline during a big tournament. All the players get kicked off and can’t continue the game.

Context

DDoS attacks are a common cyber threat that can affect anyone, from a small blog to a huge company. They often use a “botnet,” which is a network of hijacked computers (without the owners knowing) to launch the attack. Preventing and stopping these attacks is a key part of cybersecurity.

Relevant ISO 27001 Controls

The following controls from the ISO/IEC 27001:2022 standard are related to DDoS:

About the author

Stuart Barker is an information security practitioner of over 30 years. He holds an MSc in Software and Systems Security and an undergraduate degree in Software Engineering. He is an ISO 27001 expert and thought leader holding both ISO 27001 Lead Implementer and ISO 27001 Lead Auditor qualifications. In 2010 he started his first cyber security consulting business that he sold in 2018. He worked for over a decade for GE, leading a data governance team across Europe and since then has gone on to deliver hundreds of client engagements and audits.

He regularly mentors and trains professionals on information security and runs a successful ISO 27001 YouTube channel where he shows people how they can implement ISO 27001 themselves. He is passionate that knowledge should not be hoarded and brought to market the first of its kind online ISO 27001 store for all the tools and templates people need when they want to do it themselves.

In his personal life he is an active and a hobbyist kickboxer.

His specialisms are ISO 27001 and SOC 2 and his niche is start up and early stage business.