It has been eight years since the ISO 27001 standard was last revised, but changes are now coming.
Towards the end of 2013 we will see a new version of the information security standard ISO 27001. If you are among those who must comply with the standard, or simply consider it good practice, you will go through a transition period in which your company must change its processes. That can be time consuming, but fortunately a draft of the revision has already been made publicly available.
Below you will find the three most important changes in the ISO 27001 update, so you can begin preparing immediately.
1. Increased flexibility in your choice of risk method
In the current ISO 27001 version it is a requirement that an owner is identified for each asset and that an asset-, threat- and vulnerability-based risk assessment is carried out. In the new draft the term risk owner is used instead, and it is only a requirement to identify risks to the confidentiality, integrity and availability of information. This is an attempt to align the risk process with the risk management standard ISO 31000. In practice an existing asset-based risk assessment can be kept; the draft simply no longer mandates that method.
It will, however, still be ISO 27005 that most people use as a starting point for the risk process, since it deals specifically with information security risks, unlike ISO 31000, which provides a framework for analysing all types of risk in a business.
2. Sharpened requirements for the Information Security Management System context
In the current version of the standard the section on establishing the ISMS and its scope is brief and imprecise. In the draft the requirements for the organisation's ISMS context have been strengthened: all relevant requirements of external interested parties (stakeholders), such as customers, regulators and contractual partners, must be identified and described as part of the ISMS.
3. Requirements for monitoring and measurement get their own section
Where they are currently spread among other requirements, the requirements for monitoring and measuring effectiveness have now been given their own section. There is an increased focus on ensuring that companies identify, describe and can document the effectiveness of the implemented security controls. Companies must define key performance indicators for evaluating the implemented security measures, decide how, when and by whom they are measured, and retain documented evidence of the results.
The ISO 27001 update is still open to changes, but these three points should give you a head start so that your transition is smoother.
See also Six questions about the ISO 27001 revision (with answers)
For a more in-depth look you might be interested in this free on-demand webinar: http://www.neupart.com/events/webcasts.aspx
About the Author: Lars Neupart is founder of Neupart A/S and wants you to know that SecureAware = efficient information security. Get more of him on Twitter.
ISO 27001 Audit
The ISO 27001 Lead Auditor training course will give you the ability to successfully audit an existing information security management system against ISO 27001. You will be taught the techniques to use when auditing a management system. During the course you will go through the standard, clause by clause, to ensure that you understand what questions you should be asking, who you should be asking those questions to and what evidence you should be seeking during an audit.
Wonderful blog! Thanks for providing such great information about ISO 27001. I would also suggest an e-learning course such as the ISO 27001 internal auditor training e-learning course, now available, that helps to implement an information security management system.
My cousin recommended this blog and she was totally right; keep up the fantastic work!
iso 27001 lead auditor online training
Great reading and extremely comprehensive post. Pretty much covers everything. ISO 27001 Lead Auditor
ISO 27001 Requirement
Thanks for your sharing. ISO 27001 training
ISO 27001 Certification
Good blog, well described, thanks for sharing this information.
Nice post. Thanks for sharing this post. ISO 27001 Qatar
Well, it's time to start. Thank you :)
ISO 27001 Online Course
I agree with all of you that this information is pretty useful and definitely deserves a bookmark.
ISO 27001 Lead Auditor Course Online
ISO 45001 Lead Auditor Training Course
Good day. I was impressed with your article. Keep it up. You can also visit my site if you have time. Thank you and bless you always.
ISO 27001 hong kong
Really wonderful post and I think this is a very important topic. ISO 27001 Lead Auditor Course Qatar
This post is really good and the blog is very interesting. There are good details. Thank you for sharing. iso 45001 lead auditor training
Thanks for sharing this great content. It is really informative and useful. You can also check this similar site: iso-31000-internal-auditor-training
Thank you for sharing this unique, useful information with us. Really awesome work. ISO 27001 Certification in Qatar
Nice post. I learn something totally new and challenging on sites. It's always helpful to read content.
iso 27001 hong kong
I would definitely thank the admin of this blog for sharing this information with us. Waiting for more updates from this blog admin.
Thank you for sharing this unique, useful information with us. Really awesome work. ISO 14001 certification in Saudi Arabia
Informative post. Thanks for sharing. ISO 31000
iso 27001 internal auditor training philippines
ISO 9001
nice post.
iso 27001 anforderungen
Awesome! Amazing blog, thank you so much for sharing this awesome piece. I always love to read; this is really helpful to us.
CE Certification requirements
Nice post. I was checking this blog constantly and I am impressed! Extremely helpful information, especially app development. I care for such info a lot.
ISO 27001 internal auditor training
I found your blog and it was really useful as well as informative; thanks for sharing such an article with us. We also provide services related to ISO 31000 Internal Auditor Course Online
Thanks for sharing such a great blog. Keep posting.
iso 9001 internal auditor training