ISO/IEC 27001:2013 Information Security Management Systems

ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system within the context of the organization. It also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

The requirements set out in ISO/IEC 27001:2013 are generic and are intended to be applicable to all organizations, regardless of type, size or nature.

New Security Controls

New Security Controls in 2013 revision that did not exist in 2005 revision

A.6.1.5 Information security in project management

14.2.1 Secure development policy

14.2.5 Secure system engineering principles

14.2.6 Secure development environment

14.2.8 System security testing

16.1.4 Assessment of and decision on information security events

17.2.1 Availability of information processing facilities

The updated ISO/IEC 27001:2013 standard is broken into ten main sections, or clauses.

These are:

Clause 1: Scope

Clause 2: Normative references

Clause 3: Terms and Definitions

Clause 4: Context of the organisation

Clause 5: Leadership

Clause 6: Planning

Clause 7: Support

Clause 8: Operation

Clause 9: Performance Evaluation

Clause 10: Improvement

Leave a Reply

Contact Us