The new ISO 27001:2013 has been released as well as ISO 27002:2013.
ISO 27001:2013 contains the following clauses:
- 0 Introduction
- 1 Scope – states what the standard is about
- 2 Normative references
- 3 Terms and definitions
- 4 Context of the organisation – The old section 4 risk assessment component, now more aligned with ISO 31000
- 5 Leadership
- 6 Planning – More risk management and preventative and corrective processes
- 7 Support – Management support
- 8 Operation – the "implement and operate" section of the old standard
- 9 Performance evaluation – Monitoring, audit and management review
- 10 Improvement – Continuous Improvement
ISO 27002:2013 has reduced the number of controls from 133 to 114; some controls have been removed and others combined. The control domains are now:
- 5 Information security policies
- 6 Organisation of information security
- 7 Human resource security
- 8 Asset management
- 9 Access control
- 10 Cryptography
- 11 Physical and environmental security
- 12 Operations security
- 13 Communications security
- 14 System acquisition, development and maintenance
- 15 Supplier relationships
- 16 Information security incident management
- 17 Information security aspects of business continuity management
- 18 Compliance
On the payments side, version 3 of the Payment Card Industry Data Security Standard (PCI DSS) and of the Payment Application Data Security Standard (PA-DSS) has also been released.