Structure of the ISO 27001: 2013 standard

The structure of the international standard ISO 27001:2013 changes, going from 8 clauses to 10. This derives from its alignment with Annex SL of the ISO/IEC Directives, Part 1: the standard is no longer based on the PDCA (Plan-Do-Check-Act) model, but now applies the high-level structure, sub-clause titles, identical core text, common terms and main definitions defined in Annex SL.

It therefore remains compatible with other management system standards that have also adopted this Annex (such as ISO 22301, Business continuity management systems - Requirements).

At the controls level, the new standard increases the number of security domains from 11 to 14 while restructuring the controls, reducing their number from 133 to 114.

The standard was published on October 1, 2013. Companies already certified against ISO 27001:2005 have a transition period of 2 years.

Summary of changes compared to the 2005 version

1. Removal of the reference to the PDCA continuous improvement process approach.

2. General restructuring of chapters and subsections so that all management system standards share the same structure.

3. Greater emphasis on understanding the context of the organization and the needs of interested parties. This understanding must be the foundation for establishing the management system: definition of the scope, policy, setting of objectives and risk analysis.

4. The risk analysis process is defined more generically. References to the identification of assets, threats and vulnerabilities have been removed. It is only necessary to identify risks (without specifying how) associated with the loss of confidentiality, integrity and availability, then analyze the potential consequences and the likelihood in order to quantify the risk.

5. Regarding the selection of security controls for risk treatment, organizations that do not wish to follow ISO 27002 are free to choose their own control framework; in any case, the chosen controls must be compared against those of Annex A to verify that no control has been overlooked.

6. Greater importance is given to the leadership of top management in the management system, going beyond the formal commitment specified in the previous version.

7. Greater importance is given to the monitoring and measurement of the ISMS.

8. The list of mandatory documents has been eliminated, although the body of the standard refers to various documentation requirements. In addition, the distinction between documents and records is removed; both are now simply called documented information.

9. Changes in Annex A: it goes from 11 to 14 chapters and the total number of controls is reduced to 114. Cryptography has become a separate section and is no longer (logically) part of the systems acquisition and development domain. Something similar has happened with supplier relationships, which have become a separate section. The communications and operations management domain has been split into operations security and communications security.
