# | ISO 27001:2005 | ISO 27001:2013
1 | Annex A has 133 controls | Annex A has 114 controls (11 of them new)
2 | Annex A: 11 control domains (A.5 to A.15) | Annex A: 14 control domains (A.5 to A.18)
3 | Five implementation clauses: 4 ISMS; 5 Management responsibility; 6 Internal ISMS audits; 7 Management review of the ISMS; 8 ISMS improvement | Seven implementation clauses: 4 Context of the organization; 5 Leadership; 6 Planning; 7 Support; 8 Operation; 9 Performance evaluation; 10 Improvement
4 | Non-standard clause structure | Annex SL high-level structure, shared by all ISO management system standards
5 | Explicit process-based approach | Process approach not explicitly mandated
6 | Structured around the PDCA (Deming) cycle | PDCA not explicitly required; any continual improvement model may be used
7 | Separate 'Preventive action' requirement (clause 8.3) | 'Preventive action' dropped; covered by the risk assessment and treatment requirements in clause 6.1
8 | Requires 'Documents' and 'Records' | Requires 'Documented information' instead
9 | - | Risk assessment and treatment clauses aligned with ISO 31000:2009 (Risk management)
10 | 'control objectives and controls from Annex A shall be selected and implemented' | 'produce a Statement of Applicability (SoA) that contains the necessary controls'
11 | Has Annex A, B and C | Has Annex A only
12 | - | New key term: 'Risk owner'
13 | Emphasis on documentation of internal audits | Less prescriptive, but documented information on the audit programme and audit results must still be retained as evidence
Friday, June 20, 2014
ISO 27001 : 2013 Changes
Friday, June 13, 2014
Information security quotes for awareness
- "Security has a group ownership -- not individual ownership" .... G.R
- "Tech savvy does not mean -- security conscious"
- "Technology cannot replace security good habits"
- "Simple and elegant the solutions -- better is the security"
- "Money can buy security products -- but not security" .... G.R
- "Security is not a product -- it is a process" .... Bruce Schneier
- "We will forgive the breach -- but not the silence"
- "If you want PRIVACY -- then maintain private posture and not public posture"
- "High security means -- right awareness" .... G.R
- "Best medicine for security diseases is -- high dosage of awareness" .... G.R
- "Technology is just a security enabler -- not a security ensurer" .... G.R
- "Trust can be absolute -- but Security cannot be absolute" .... G.R
- "Stop - Read and Click" .... G.R
- "Technology alone may not protect you better -- but awareness about the correct usage of technology may protect you better" .... G.R