This is a news bulletin from the Yahoo ISO 27001 Support Group:
http://groups.yahoo.com/neo/groups/iso-27001/conversations/messages
The big news is that both ISO 27001 and ISO 27002 have been overhauled and updated. New releases have been launched by ISO in the last two weeks. The changes are significant.
ISO 27001: 2013
The layout of the new release is significantly different. There are no duplicate requirements, and the demands are less prescriptive, giving organisations greater freedom of implementation.
The new standard: Context Of The Organization; Information Security Leadership; Planning An ISMS; Support; Operation; Performance Evaluation; Improvement
ISO 27002: 2013
There are now only 114 controls (down from 133), in 14 sections rather than 11. Significantly, the section on risk assessment and risk treatment has been deleted.
The new standard: Structure; Security Policy; Organization of Information Security; Human Resources Security; Asset Management; Access Control; Cryptography; Physical And Environmental Security; Operations Security; Communications Security; Information Systems Acquisition, Development, Maintenance; Supplier Relationships; Information Security Incident Management; Information Security Aspects of Business Continuity; Compliance
The forum on our Yahoo group is now open to discuss these and the implications of the changes. Please feel free to participate.
The new standards can be obtained and downloaded from Standards Direct:
http://www.standardsdirect.org/iso17799.htm
They are also provided in The ISO 27000 Toolkit, which has also been fully updated and expanded to reflect the new standards:
Elizabeth Green
ISO 27001 Yahoo Support Group
Note: You received this email because you subscribed to the ISO 27000 email list, some years ago (we have been dormant). If you wish to unsubscribe, just let me know by return.
1 comment:
Thanks for sharing the information about ISO 27001; it was an awesome post. As an online ISO 27001 consultant, I believe that implementation of Information security management system.
ISO 27001 Consultant in India