Updated Standard

The new ISO 27001:2013 has been released as well as ISO 27002:2013.

ISO 27001:2013 contains the following clauses:

  • 0 Introduction
  • 1 Scope – states what the standard is about
  • 2 Normative references
  • 3 Terms and definitions
  • 4 Context of the organisation – the old section 4 risk assessment component, now more closely aligned with ISO 31000
  • 5 Leadership
  • 6 Planning – more risk management, plus preventive and corrective processes
  • 7 Support – management support
  • 8 Operation – the implement-and-operate section of the old standard
  • 9 Performance evaluation – monitoring, audit and management review
  • 10 Improvement – continual improvement

ISO 27002:2013 has reduced the domains from 133 to 114; some domains have been removed and others combined. The domains are now:

  • 5 Information security policies
  • 6 Organisation of information security
  • 7 Human resource security
  • 8 Asset management
  • 9 Access control
  • 10 Cryptography
  • 11 Physical and environmental security
  • 12 Operations security
  • 13 Communications security
  • 14 System acquisition, development and maintenance
  • 15 Supplier relationships
  • 16 Information security incident management
  • 17 Information security aspects of business continuity management
  • 18 Compliance

Meanwhile, version 3 of the Payment Card Industry Data Security Standard (PCI DSS) and of the Payment Application Data Security Standard (PA-DSS) are being released.