ISO/IEC 27001:2013

Main changes on ISO/IEC 27001:2013. A comparative with ISO/IEC 27001:2005. List of new domains, List of new controls, references

  1. ramirocid.com | ramiro@ramirocid.com | Twitter: @ramirocid
     ISO/IEC 27001:2013
     Ramiro Cid | @ramirocid
  2. References: ISO/IEC 27001:2013. Final draft: published 07/2013. Final version: end of 2013.
  3. Changes on ISO/IEC 27001:2013
     Main changes compared with the previous version (ISO/IEC 27001:2005):
     • ISO/IEC 27001:2013 will have 114 controls in 14 domains (the current version has 133 controls in 11 domains).
     • 11 new controls:
       • A.6.1.5 Information security in project management
       • A.12.6.2 Restrictions on software installation
       • A.14.2.1 Secure development policy
       • A.14.2.5 Secure system engineering principles
       • A.14.2.6 Secure development environment
       • A.14.2.8 System security testing
       • A.15.1.1 Information security policy for supplier relationships
       • A.15.1.3 Information and communication technology supply chain
       • A.16.1.4 Assessment of and decision on information security events
       • A.16.1.5 Response to information security incidents
       • A.17.2.1 Availability of information processing facilities
  4. Changes on ISO/IEC 27001:2013
     Main changes compared with the previous version (ISO/IEC 27001:2005):
     • 14 domains instead of 11. The new domains will be:
       • A.5: Information security policies
       • A.6: How information security is organised
       • A.7: Human resources security - controls that are applied before, during, or after employment
       • A.8: Asset management
       • A.9: Access controls and managing user access
       • A.10: Cryptographic technology
       • A.11: Physical security of the organisation's sites and equipment
       • A.12: Operational security
       • A.13: Secure communications and data transfer
       • A.14: Secure acquisition, development, and support of information systems
       • A.15: Security for suppliers and third parties
       • A.16: Incident management
       • A.17: Business continuity/disaster recovery (to the extent that it affects information security)
       • A.18: Compliance - with internal requirements, such as policies, and with external requirements, such as laws
  5. Changes on ISO/IEC 27001:2013
     Domains comparison chart (ISO/IEC 27001:2005 domain → ISO/IEC 27001:2013 domain):
     • A.5 Security policy → A.5 Information security policies
     • A.6 Organization of information security → A.6 How information security is organised
     • A.8 Human resources security → A.7 Human resources security - controls that are applied before, during, or after employment
     • A.7 Asset management → A.8 Asset management
     • A.11 Access control → A.9 Access controls and managing user access
     • (no 2005 domain listed) → A.10 Cryptographic technology
     • A.9 Physical and environmental security → A.11 Physical security of the organisation's sites and equipment
     • A.10 Communications and operations management → A.12 Operational security
     • A.10 Communications and operations management → A.13 Secure communications and data transfer
     • A.12 Information systems acquisition, development and maintenance → A.14 Secure acquisition, development, and support of information systems
     • (no 2005 domain listed) → A.15 Security for suppliers and third parties
     • A.13 Information security incident management → A.16 Incident management
     • A.14 Business continuity management → A.17 Business continuity/disaster recovery (to the extent that it affects information security)
     • A.15 Compliance → A.18 Compliance - with internal requirements, such as policies, and with external requirements, such as laws
  6. References
     URLs for further reading:
     1. ISO official web: http://www.iso.org/
     2. 2013 version on the ISO official web: http://www.iso.org/iso/home/news_index/news_archive/news.htm?refid=Ref1767
     3. Wikipedia (ISO/IEC 27001:2005): http://en.wikipedia.org/wiki/ISO/IEC_27001
     4. Wikipedia (ISO/IEC 27001:2013): http://en.wikipedia.org/wiki/ISO/IEC_27001:2013
  7. Questions? Many thanks!
     ramiro@ramirocid.com | @ramirocid
     http://www.linkedin.com/in/ramirocid
     http://ramirocid.com
     http://es.slideshare.net/ramirocid
     http://www.youtube.com/user/cidramiro
     Ramiro Cid - CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL