Updated Standard

The new ISO 27001:2013 has been released as well as ISO 27002:2013.

The ISO 27001:2013 contents the following topics :

• 0 Introduction
• 1 Scope – states what the standard is about
• 2 Normative references
• 3 Terms and definitions
• 4 Context of the organisation – The old section 4 risk assessment component, now more aligned with ISO 31000
• 5 Leadership
• 6 Planning – More risk management and preventative and corrective processes
• 7 Support – Management support
• 8 Operation – the implement and operate section of the old standard
• 9 Performance evaluation – Monitoring, audit and management review
• 10 Improvement – Continuous Improvement

The ISO 27002:2013 has reduced the domains from 133 to 114, some domains have been removed, some combined.

• 5 Information security policies
• 6 Organisation of information security
• 7 Human resource security
• 8 Asset management
• 9 Access control
• 10 Cryptography
• 11 Physical and environmental security
• 12 Operations security
• 13 Communications security
• 14 System acquisition, development and maintenance
• 15 Supplier relationships
• 16 Information security incident management
• 17 Information security aspects of business continuity management
• 18 Compliance

On the other side the payment Card Industry PCI and Payment application PA  DSS  version 3 being released.