SlideShare una empresa de Scribd logo

ISO 27002 2013 Atualizações / mudanças

Fernando Palma
Fernando Palma

Atualização da norma ISO 27002 2013.

Tecnología
1 de 5
Descargar para leer sin conexión
1 November 2013 New releases of ISO 27001:2013 and ISO 27002:2013 The new versions of ISO 27001 Information Security Management System (ISMS requirements) and ISO 27002 Code of Practice for Information Security Controls (aids the implementation of ISO 27001) were published in September 2013. An effectively implemented ISMS can improve the state of information security in an organisation. Organisations already ISO certified are allowed a period of two years to meet the requirements of the new ISO version. Changes in ISO 27002:2013  The revised Annex SL format has a new set of chapters and structure, as illustrated in the image in the Appendix.  The new structure is intended to standardise terminology and requirements to all management system standards, such as ISO 9000 Quality Management and ISO 20000 Information Technology – Service Management.  The Information Security Management System (ISMS) is renamed as Context of the Organisation.  The new version of the standard requires clear demonstration of leadership. Leadership and management are now clearly defined as two requirements. Leaders need to demonstrate commitment by defining strategic goals and ensuring that sufficient resources are available to implement information security correctly. Management is defined as the implementation and day to day running of the systems.  Organisations will now have the flexibility to implement the requirements in the most suitable way for them, since the new standard is less prescriptive.  A noticeable change is the withdrawal of the Plan-Do-Check-Act (PDCA) model which was an important section of the standard. The 2013 version uses a model in the mandatory clauses; however it is not a dedicated section.  The importance of interested parties is recognised in the new standard, where a separate clause is included which requires all interested parties to be listed under “Understanding the needs and expectations of interested parties”, along with their requirements.  Chapters on Risk Assessment and Risk Treatment were removed. The documentation of a Risk Management Methodology is not required and the assets-vulnerabilities-threats are not the basis of the risk assessment. Only risks associated with confidentiality, integrity and availability need to be identified. Also, the new concept of risk owners is introduced instead of asset owners.  The new standard includes 114 controls in 14 security control clauses (categories), whereas the 2005 standard had 133 controls in 11 security control clauses.  Two new categories are added – “Cryptography” and “Supplier Relationships” and the existing category “Communications and operations management” is split into two categories– “Operations Security” and “Communications Security”.  Many controls included in the standard are not altered while some controls are deleted or merged together. Additionally, some new controls are added and the guidance text is accordingly updated.  The tables below illustrate the security control clauses (categories) included in ISO 27002:20013 and ISO 27001:2005. ISO 27002:2013 ISO 27002:2005 5 Information Security Policies Security Policy 6 Organisation of Information Security Organisation of Information Security 7 Human Resource Security Asset Management 8 Asset Management Human Resource Security 9 Access Control Physical and Environmental Security
Risk Assurance Consulting (RAC) November 2013 2 ISO 27002:2013 ISO 27002:2005 10 Cryptography Communications and Operations Management 11 Physical and Environmental Security Access Control 12 Operations Security Information Systems Acquisition, Development and Maintenance 13 Communications Security Information Security Incident Management 14 System acquisition, Development and Maintenance Business Continuity Management 15 Supplier Relationships Compliance 16 Information Security Incident Management 17 Information Security Aspects of Business Continuity Management 18 Compliance New controls proposed in the ISO 27002:2013 release Controls added in 27002:2013 A.6.1.5 Information security in project management A.12.6.2 Restrictions on software installation A.14.2.1 Secure development policy A.14.2.5 System development procedures A.14.2.6 Secure development environment A.14.2.8 System security testing A.15.1.1 Information security policy for supplier relationships A.15.1.3 Information and Communication Technology supply chain A.16.1.4 Assessment and decision of information security events A.16.1.5 Response to information security incidents A.17.1.2 Implementing information security continuity A.17.2.1 Availability of information processing facilities ISO 27002:2005 controls deleted 27001:2005 control deleted in ISO 27001:2013 A.6.1.1 Management commitment to information security A.6.1.2 Information security coordination A.6.1.4 Authorisation process for information processing facilities A.6.2.1 Identification of risks related to external parties A.6.2.2 Addressing security when dealing with customers A.10.2.1 Service delivery A.10.7.4 Security of system documentation A.10.8.5 Business Information Systems A.10.10.2 Monitoring system use A.10.10.5 Fault logging A.11.4.2 User authentication for external connections A.11.4.3 Equipment identification in networks A.11.4.4 Remote Diagnostic and configuration port protection A.11.4.6 Network Connection control A.11.4.7 Network routing control A.11.6.2 Sensitive system isolation
Risk Assurance Consulting (RAC) November 2013 3 27001:2005 control deleted in ISO 27001:2013 A.12.2.1 Input data validation A.12.2.2 Control of internal processing A.12.2.3 Message integrity A.12.2.4 Output data validation A.12.5.4 Information leakage A.14.1.1 Including information security in the business continuity management process A.14.1.3 Developing and implementing continuity plans including formation security. A.14.1.4 Business continuity planning framework A.15.1.5 Prevention of misuse of information processing facilities A.15.3.2 Protection of information systems audit tools We would be pleased to meet with you and provide you with any clarifications and / or additional information on matters raised.
Risk Assurance Consulting (RAC) November 2013 4 Appendix: Revised ISO 27002:2013 structure
Risk Assurance Consulting (RAC) This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. © 2013 PricewaterhouseCoopers Ltd. All rights reserved. PwC refers to the Cyprus member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details Your contacts for IT Governance & Security matters in PwC Cyprus: George Lambrou Partner Risk Assurance Consulting Tel. +357 - 22 555 728 george.lambrou@cy.pwc.com Christos Tsolakis Partner Risk Assurance Consulting Tel. +357 - 22 555 570 christos.tsolakis@cy.pwc.com Demos Demou Manager Risk Assurance Consulting Tel. +357 - 22 555 056 demos.demou@cy.pwc.com Efthyvoulos Efthyvoulou Manager Risk Assurance Consulting Tel. +357 - 22 555 460 efhtyvoulos.efthyvoulou@cy.pwc.com Alexis Thomas Manager Risk Assurance Consulting Tel. +357 - 22 555 625 alexis.thomas@cy.pwc.com www.pwc.com.cy/technology PwC Cyprus Julia House 3 Themistocles Dervis Street CY-1066 Nicosia, Cyprus P O Box 21612 CY-1591 Nicosia, Cyprus www.pwc.com.cy Risk Assurance Consulting (RAC) This content is for general information purposes only, and should not be used as a substitute for consultation with PricewaterhouseCoopers Ltd. All rights reserved. PwC refers to the Cyprus member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details Your contacts for IT Governance & Security matters in PwC @cy.pwc.com technology-conculting November 2013 This content is for general information purposes only, and should not be used as a substitute for consultation with PricewaterhouseCoopers Ltd. All rights reserved. PwC refers to the Cyprus member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details Your contacts for IT Governance & Security matters in PwC

Recomendados

ISO 27001
ISO 27001ISO 27001
ISO 27001n|u - The Open Security Community
 
Iso 27001 10_apr_2006
Iso 27001 10_apr_2006Iso 27001 10_apr_2006
Iso 27001 10_apr_2006Khawar Nehal khawar.nehal@atrc.net.pk
 
ISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedJisc
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)AHM Pervej Kabir
 
Mr. ahmed obaid the ceo guide to implement iso 27001
Mr. ahmed obaid the ceo guide to implement iso 27001Mr. ahmed obaid the ceo guide to implement iso 27001
Mr. ahmed obaid the ceo guide to implement iso 27001qualitysummit
 
University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012Hakem Filiz
 
NQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 

Recomendados

ISO 27001
ISO 27001ISO 27001
ISO 27001n|u - The Open Security Community
 
Iso 27001 10_apr_2006
Iso 27001 10_apr_2006Iso 27001 10_apr_2006
Iso 27001 10_apr_2006Khawar Nehal khawar.nehal@atrc.net.pk
 
ISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedISO 27001 - three years of lessons learned
ISO 27001 - three years of lessons learnedJisc
 
Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)Reporting about Overview Summery of ISO-27000 Se.(ISMS)
Reporting about Overview Summery of ISO-27000 Se.(ISMS)AHM Pervej Kabir
 
Mr. ahmed obaid the ceo guide to implement iso 27001
Mr. ahmed obaid the ceo guide to implement iso 27001Mr. ahmed obaid the ceo guide to implement iso 27001
Mr. ahmed obaid the ceo guide to implement iso 27001qualitysummit
 
University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012University iso 27001 bgys intro and certification lami kaya may2012
University iso 27001 bgys intro and certification lami kaya may2012Hakem Filiz
 
NQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA Your Risk Assurance Partner
NQA Your Risk Assurance PartnerNQA
 
Why ISO27001 For My Organisation
Why ISO27001 For My OrganisationWhy ISO27001 For My Organisation
Why ISO27001 For My OrganisationVigilant Software
 
All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000Ramana K V
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementationhimalya sharma
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANA Putra
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 ControlsVISTA InfoSec
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awarenessÃsħâr Ãâlâm
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemMuhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness TrainingDr Madhu Aman Sharma
 
ISO 27001:2013 - A transition guide
ISO 27001:2013 - A transition guideISO 27001:2013 - A transition guide
ISO 27001:2013 - A transition guideVerde Ventures Pvt. Ltd.
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013Ramiro Cid
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002pgpmikey
 
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...himalya sharma
 
ISO 27001:2013 - Changes
ISO 27001:2013 - ChangesISO 27001:2013 - Changes
ISO 27001:2013 - Changesn|u - The Open Security Community
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013SAIGlobalAssurance
 
Iso 27002 certification_in_noida
Iso 27002 certification_in_noidaIso 27002 certification_in_noida
Iso 27002 certification_in_noidaElite Certication
 
Mapa mental iso 27002
Mapa mental iso 27002Mapa mental iso 27002
Mapa mental iso 27002Alexis Jara
 

Más contenido relacionado

La actualidad más candente

All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000Ramana K V
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementationhimalya sharma
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANA Putra
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 ControlsVISTA InfoSec
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNA Putra
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview Ahmed Riad .
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromMart Rovers
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001Imran Ahmed
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013Ramiro Cid
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002pgpmikey
 
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...himalya sharma
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)samsontamwaiho
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGArul Nambi
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardPECB
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013SAIGlobalAssurance
 

La actualidad más candente (20)

All you wanted to know about iso 27000
All you wanted to know about iso 27000All you wanted to know about iso 27000
All you wanted to know about iso 27000
 
ISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 ImplementationISO 27001 Training | ISO 27001 Implementation
ISO 27001 Training | ISO 27001 Implementation
 
NQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex ANQA ISO 27001 A Guide to Annex A
NQA ISO 27001 A Guide to Annex A
 
Guide on ISO 27001 Controls
Guide on ISO 27001 ControlsGuide on ISO 27001 Controls
Guide on ISO 27001 Controls
 
NQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation GuideNQA - ISO 27001 Implementation Guide
NQA - ISO 27001 Implementation Guide
 
ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview ISO/IEC 27001:2013 An Overview
ISO/IEC 27001:2013 An Overview
 
Iso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interpromIso iec 27001 foundation training course by interprom
Iso iec 27001 foundation training course by interprom
 
Iso 27001 awareness
Iso 27001 awarenessIso 27001 awareness
Iso 27001 awareness
 
ISO 27001 - Information Security Management System
ISO 27001 - Information Security Management SystemISO 27001 - Information Security Management System
ISO 27001 - Information Security Management System
 
Basic introduction to iso27001
Basic introduction to iso27001Basic introduction to iso27001
Basic introduction to iso27001
 
27001 awareness Training
27001 awareness Training27001 awareness Training
27001 awareness Training
 
ISO 27001:2013 - A transition guide
ISO 27001:2013 - A transition guideISO 27001:2013 - A transition guide
ISO 27001:2013 - A transition guide
 
ISO/IEC 27001:2013
ISO/IEC 27001:2013ISO/IEC 27001:2013
ISO/IEC 27001:2013
 
Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002Implementing a Security Framework based on ISO/IEC 27002
Implementing a Security Framework based on ISO/IEC 27002
 
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
ISO 27001 Training | ISO 27001 Internal Auditor Training | ISMS Internal Audi...
 
ISO 27001:2013 - Changes
ISO 27001:2013 - ChangesISO 27001:2013 - Changes
ISO 27001:2013 - Changes
 
Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)Iso27001 Isaca Seminar (23 May 08)
Iso27001 Isaca Seminar (23 May 08)
 
ISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTINGISO 27001 - IMPLEMENTATION CONSULTING
ISO 27001 - IMPLEMENTATION CONSULTING
 
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information StandardQuick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
Quick Guide to ISO/IEC 27701 - The Newest Privacy Information Standard
 
Transitioning to iso 27001 2013
Transitioning to iso 27001 2013Transitioning to iso 27001 2013
Transitioning to iso 27001 2013
 

Destacado

Iso 27002 certification_in_noida
Iso 27002 certification_in_noidaIso 27002 certification_in_noida
Iso 27002 certification_in_noidaElite Certication
 
Mapa mental iso 27002
Mapa mental iso 27002Mapa mental iso 27002
Mapa mental iso 27002Alexis Jara
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaDiscover JKUAT
 
The importance of information security risk management
The importance of information security risk managementThe importance of information security risk management
The importance of information security risk managementMichael Francis
 

Destacado (6)

Iso 27002 certification_in_noida
Iso 27002 certification_in_noidaIso 27002 certification_in_noida
Iso 27002 certification_in_noida
 
Mapa mental iso 27002
Mapa mental iso 27002Mapa mental iso 27002
Mapa mental iso 27002
 
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 ChecklistISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
ISO/IEC 27001:2005 naar ISO 27001:2013 Checklist
 
Information Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr WafulaInformation Security Management Systems(ISMS) By Dr Wafula
Information Security Management Systems(ISMS) By Dr Wafula
 
Iso 27002-2013
Iso 27002-2013Iso 27002-2013
Iso 27002-2013
 
The importance of information security risk management
The importance of information security risk managementThe importance of information security risk management
The importance of information security risk management
 

Similar a ISO 27002 2013 Atualizações / mudanças

UL DQS India News Letter - iSeeek jun_2014
UL DQS India News Letter - iSeeek jun_2014UL DQS India News Letter - iSeeek jun_2014
UL DQS India News Letter - iSeeek jun_2014DQS India
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...PECB
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdftoncik
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001PECB
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxDr Madhu Aman Sharma
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?PECB
 
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.Jerimi Soma
 
NQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdf
NQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdfNQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdf
NQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdfJhonGIg
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMSAkhil Garg
 
The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...PECB
 
WEBINAR: Transitioning to ISO/IEC 27001: 2013
WEBINAR: Transitioning to ISO/IEC 27001: 2013WEBINAR: Transitioning to ISO/IEC 27001: 2013
WEBINAR: Transitioning to ISO/IEC 27001: 2013SAIGlobalAssurance
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfControlCase
 
Tech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reilly
Tech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reillyTech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reilly
Tech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reillyEvents2018
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingOperational Excellence Consulting
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaFahmi Albaheth
 
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingTư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingNguyễn Đăng Quang
 
How the the 2013 update of ISO 27001 Impacts your Risk Management
How the the 2013 update of ISO 27001 Impacts your Risk ManagementHow the the 2013 update of ISO 27001 Impacts your Risk Management
How the the 2013 update of ISO 27001 Impacts your Risk ManagementLars Neupart
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud SecurityIT Governance Ltd
 

Similar a ISO 27002 2013 Atualizações / mudanças (20)

UL DQS India News Letter - iSeeek jun_2014
UL DQS India News Letter - iSeeek jun_2014UL DQS India News Letter - iSeeek jun_2014
UL DQS India News Letter - iSeeek jun_2014
 
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
Aligning ISO/IEC 27032:2023 and ISO/IEC 27701: Strengthening Cybersecurity Re...
 
Cyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdfCyber resolution ban-ana comparing to ana-nas.pdf
Cyber resolution ban-ana comparing to ana-nas.pdf
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
ISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptxISO 27001 Awareness/TRansition.pptx
ISO 27001 Awareness/TRansition.pptx
 
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27032: How do they map?
 
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
My Gap analysis results between ISO27001: 2022 and 2013 version as of 2022 fall.
 
NQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdf
NQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdfNQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdf
NQA-Webinar-A-guide-to-the-changes-to-ISO-27002.pdf
 
NQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation GuideNQA ISO 27001 Implementation Guide
NQA ISO 27001 Implementation Guide
 
Overview of ISO 27001 ISMS
Overview of ISO 27001 ISMSOverview of ISO 27001 ISMS
Overview of ISO 27001 ISMS
 
The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...The significance of the Shift to Risk Management from Threat & Vulnerability ...
The significance of the Shift to Risk Management from Threat & Vulnerability ...
 
WEBINAR: Transitioning to ISO/IEC 27001: 2013
WEBINAR: Transitioning to ISO/IEC 27001: 2013WEBINAR: Transitioning to ISO/IEC 27001: 2013
WEBINAR: Transitioning to ISO/IEC 27001: 2013
 
ISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdfISO 27001 2002 Update Webinar.pdf
ISO 27001 2002 Update Webinar.pdf
 
Tech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reilly
Tech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reillyTech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reilly
Tech Connect Live 30th May 2018 ,GDPR Summit Sharon o' reilly
 
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness TrainingISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
ISO/IEC 27001:2022 (Information Security Management Systems) Awareness Training
 
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdfISO 27001_2022 What has changed 2.0 for ISACA.pdf
ISO 27001_2022 What has changed 2.0 for ISACA.pdf
 
Iso27001- Nashwan Mustafa
Iso27001- Nashwan MustafaIso27001- Nashwan Mustafa
Iso27001- Nashwan Mustafa
 
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC ConsultingTư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
Tư vấn và đào tạo ISO 27001:2022 phiên bản mới bởi HQC Consulting
 
How the the 2013 update of ISO 27001 Impacts your Risk Management
How the the 2013 update of ISO 27001 Impacts your Risk ManagementHow the the 2013 update of ISO 27001 Impacts your Risk Management
How the the 2013 update of ISO 27001 Impacts your Risk Management
 
Cyber Security and Cloud Security
Cyber Security and Cloud SecurityCyber Security and Cloud Security
Cyber Security and Cloud Security
 

Más de Fernando Palma

CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...
CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...
CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...Fernando Palma
 
Formação em ciência de dados
Formação em ciência de dadosFormação em ciência de dados
Formação em ciência de dadosFernando Palma
 
Apostila de Introdução ao Arduino
Apostila de Introdução ao ArduinoApostila de Introdução ao Arduino
Apostila de Introdução ao ArduinoFernando Palma
 
Apostila Arduino Basico
Apostila Arduino BasicoApostila Arduino Basico
Apostila Arduino BasicoFernando Palma
 
Cartilha Segurança na Internet - CERT.br
Cartilha Segurança na Internet - CERT.brCartilha Segurança na Internet - CERT.br
Cartilha Segurança na Internet - CERT.brFernando Palma
 
Ebook Apache Server: Guia Introdutório
Ebook Apache Server: Guia IntrodutórioEbook Apache Server: Guia Introdutório
Ebook Apache Server: Guia IntrodutórioFernando Palma
 
Apostila Zend Framework
Apostila Zend FrameworkApostila Zend Framework
Apostila Zend FrameworkFernando Palma
 
Ebook Governança de TI na Prática
Ebook Governança de TI na PráticaEbook Governança de TI na Prática
Ebook Governança de TI na PráticaFernando Palma
 
Simulado ITIL Foundation - Questões Comentadas
Simulado ITIL Foundation - Questões ComentadasSimulado ITIL Foundation - Questões Comentadas
Simulado ITIL Foundation - Questões ComentadasFernando Palma
 
Introdução à Aprendizagem de Máquina
Introdução à Aprendizagem de MáquinaIntrodução à Aprendizagem de Máquina
Introdução à Aprendizagem de MáquinaFernando Palma
 
PDTI - Plano Diretor de Tecnologia da Informação (modelo)
PDTI - Plano Diretor de Tecnologia da Informação (modelo)PDTI - Plano Diretor de Tecnologia da Informação (modelo)
PDTI - Plano Diretor de Tecnologia da Informação (modelo)Fernando Palma
 
Guia Salarial 2017 Robert Half Brasil
Guia Salarial 2017 Robert Half BrasilGuia Salarial 2017 Robert Half Brasil
Guia Salarial 2017 Robert Half BrasilFernando Palma
 
Gerenciamento na nuvem e System Center
Gerenciamento na nuvem e System CenterGerenciamento na nuvem e System Center
Gerenciamento na nuvem e System CenterFernando Palma
 
SAN: Storage Area Network
SAN: Storage Area NetworkSAN: Storage Area Network
SAN: Storage Area NetworkFernando Palma
 
Ebook ITIL Na Prática
Ebook ITIL Na PráticaEbook ITIL Na Prática
Ebook ITIL Na PráticaFernando Palma
 
Exemplo de Plano Estratégico de TI - MEC
Exemplo de Plano Estratégico de TI - MECExemplo de Plano Estratégico de TI - MEC
Exemplo de Plano Estratégico de TI - MECFernando Palma
 
Apostila Tutorial CakePHP
Apostila Tutorial CakePHPApostila Tutorial CakePHP
Apostila Tutorial CakePHPFernando Palma
 

Más de Fernando Palma (20)

CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...
CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...
CRM Gerenciamento Do Relacionamento Com Clientes | Prof. Francisco Alves | C...
 
Formação em ciência de dados
Formação em ciência de dadosFormação em ciência de dados
Formação em ciência de dados
 
Apostila de Introdução ao Arduino
Apostila de Introdução ao ArduinoApostila de Introdução ao Arduino
Apostila de Introdução ao Arduino
 
Apostila Arduino Basico
Apostila Arduino BasicoApostila Arduino Basico
Apostila Arduino Basico
 
Cartilha Segurança na Internet - CERT.br
Cartilha Segurança na Internet - CERT.brCartilha Segurança na Internet - CERT.br
Cartilha Segurança na Internet - CERT.br
 
Ebook Apache Server: Guia Introdutório
Ebook Apache Server: Guia IntrodutórioEbook Apache Server: Guia Introdutório
Ebook Apache Server: Guia Introdutório
 
Apostila Zend Framework
Apostila Zend FrameworkApostila Zend Framework
Apostila Zend Framework
 
Hacker Ético
Hacker ÉticoHacker Ético
Hacker Ético
 
Ebook Governança de TI na Prática
Ebook Governança de TI na PráticaEbook Governança de TI na Prática
Ebook Governança de TI na Prática
 
Simulado ITIL Foundation - Questões Comentadas
Simulado ITIL Foundation - Questões ComentadasSimulado ITIL Foundation - Questões Comentadas
Simulado ITIL Foundation - Questões Comentadas
 
Introdução à Aprendizagem de Máquina
Introdução à Aprendizagem de MáquinaIntrodução à Aprendizagem de Máquina
Introdução à Aprendizagem de Máquina
 
PDTI - Plano Diretor de Tecnologia da Informação (modelo)
PDTI - Plano Diretor de Tecnologia da Informação (modelo)PDTI - Plano Diretor de Tecnologia da Informação (modelo)
PDTI - Plano Diretor de Tecnologia da Informação (modelo)
 
Guia Salarial 2017 Robert Half Brasil
Guia Salarial 2017 Robert Half BrasilGuia Salarial 2017 Robert Half Brasil
Guia Salarial 2017 Robert Half Brasil
 
Tutorial memcached
Tutorial memcachedTutorial memcached
Tutorial memcached
 
Gerenciamento na nuvem e System Center
Gerenciamento na nuvem e System CenterGerenciamento na nuvem e System Center
Gerenciamento na nuvem e System Center
 
SAN: Storage Area Network
SAN: Storage Area NetworkSAN: Storage Area Network
SAN: Storage Area Network
 
Linguagem ABAP
Linguagem ABAPLinguagem ABAP
Linguagem ABAP
 
Ebook ITIL Na Prática
Ebook ITIL Na PráticaEbook ITIL Na Prática
Ebook ITIL Na Prática
 
Exemplo de Plano Estratégico de TI - MEC
Exemplo de Plano Estratégico de TI - MECExemplo de Plano Estratégico de TI - MEC
Exemplo de Plano Estratégico de TI - MEC
 
Apostila Tutorial CakePHP
Apostila Tutorial CakePHPApostila Tutorial CakePHP
Apostila Tutorial CakePHP
 

Último

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 

Último (20)

Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 

ISO 27002 2013 Atualizações / mudanças

  • 1. 1 November 2013 New releases of ISO 27001:2013 and ISO 27002:2013 The new versions of ISO 27001 Information Security Management System (ISMS requirements) and ISO 27002 Code of Practice for Information Security Controls (aids the implementation of ISO 27001) were published in September 2013. An effectively implemented ISMS can improve the state of information security in an organisation. Organisations already ISO certified are allowed a period of two years to meet the requirements of the new ISO version. Changes in ISO 27002:2013  The revised Annex SL format has a new set of chapters and structure, as illustrated in the image in the Appendix.  The new structure is intended to standardise terminology and requirements to all management system standards, such as ISO 9000 Quality Management and ISO 20000 Information Technology – Service Management.  The Information Security Management System (ISMS) is renamed as Context of the Organisation.  The new version of the standard requires clear demonstration of leadership. Leadership and management are now clearly defined as two requirements. Leaders need to demonstrate commitment by defining strategic goals and ensuring that sufficient resources are available to implement information security correctly. Management is defined as the implementation and day to day running of the systems.  Organisations will now have the flexibility to implement the requirements in the most suitable way for them, since the new standard is less prescriptive.  A noticeable change is the withdrawal of the Plan-Do-Check-Act (PDCA) model which was an important section of the standard. The 2013 version uses a model in the mandatory clauses; however it is not a dedicated section.  The importance of interested parties is recognised in the new standard, where a separate clause is included which requires all interested parties to be listed under “Understanding the needs and expectations of interested parties”, along with their requirements.  Chapters on Risk Assessment and Risk Treatment were removed. The documentation of a Risk Management Methodology is not required and the assets-vulnerabilities-threats are not the basis of the risk assessment. Only risks associated with confidentiality, integrity and availability need to be identified. Also, the new concept of risk owners is introduced instead of asset owners.  The new standard includes 114 controls in 14 security control clauses (categories), whereas the 2005 standard had 133 controls in 11 security control clauses.  Two new categories are added – “Cryptography” and “Supplier Relationships” and the existing category “Communications and operations management” is split into two categories– “Operations Security” and “Communications Security”.  Many controls included in the standard are not altered while some controls are deleted or merged together. Additionally, some new controls are added and the guidance text is accordingly updated.  The tables below illustrate the security control clauses (categories) included in ISO 27002:20013 and ISO 27001:2005. ISO 27002:2013 ISO 27002:2005 5 Information Security Policies Security Policy 6 Organisation of Information Security Organisation of Information Security 7 Human Resource Security Asset Management 8 Asset Management Human Resource Security 9 Access Control Physical and Environmental Security
  • 2. Risk Assurance Consulting (RAC) November 2013 2 ISO 27002:2013 ISO 27002:2005 10 Cryptography Communications and Operations Management 11 Physical and Environmental Security Access Control 12 Operations Security Information Systems Acquisition, Development and Maintenance 13 Communications Security Information Security Incident Management 14 System acquisition, Development and Maintenance Business Continuity Management 15 Supplier Relationships Compliance 16 Information Security Incident Management 17 Information Security Aspects of Business Continuity Management 18 Compliance New controls proposed in the ISO 27002:2013 release Controls added in 27002:2013 A.6.1.5 Information security in project management A.12.6.2 Restrictions on software installation A.14.2.1 Secure development policy A.14.2.5 System development procedures A.14.2.6 Secure development environment A.14.2.8 System security testing A.15.1.1 Information security policy for supplier relationships A.15.1.3 Information and Communication Technology supply chain A.16.1.4 Assessment and decision of information security events A.16.1.5 Response to information security incidents A.17.1.2 Implementing information security continuity A.17.2.1 Availability of information processing facilities ISO 27002:2005 controls deleted 27001:2005 control deleted in ISO 27001:2013 A.6.1.1 Management commitment to information security A.6.1.2 Information security coordination A.6.1.4 Authorisation process for information processing facilities A.6.2.1 Identification of risks related to external parties A.6.2.2 Addressing security when dealing with customers A.10.2.1 Service delivery A.10.7.4 Security of system documentation A.10.8.5 Business Information Systems A.10.10.2 Monitoring system use A.10.10.5 Fault logging A.11.4.2 User authentication for external connections A.11.4.3 Equipment identification in networks A.11.4.4 Remote Diagnostic and configuration port protection A.11.4.6 Network Connection control A.11.4.7 Network routing control A.11.6.2 Sensitive system isolation
  • 3. Risk Assurance Consulting (RAC) November 2013 3 27001:2005 control deleted in ISO 27001:2013 A.12.2.1 Input data validation A.12.2.2 Control of internal processing A.12.2.3 Message integrity A.12.2.4 Output data validation A.12.5.4 Information leakage A.14.1.1 Including information security in the business continuity management process A.14.1.3 Developing and implementing continuity plans including formation security. A.14.1.4 Business continuity planning framework A.15.1.5 Prevention of misuse of information processing facilities A.15.3.2 Protection of information systems audit tools We would be pleased to meet with you and provide you with any clarifications and / or additional information on matters raised.
  • 4. Risk Assurance Consulting (RAC) November 2013 4 Appendix: Revised ISO 27002:2013 structure
  • 5. Risk Assurance Consulting (RAC) This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors. © 2013 PricewaterhouseCoopers Ltd. All rights reserved. PwC refers to the Cyprus member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details Your contacts for IT Governance & Security matters in PwC Cyprus: George Lambrou Partner Risk Assurance Consulting Tel. +357 - 22 555 728 george.lambrou@cy.pwc.com Christos Tsolakis Partner Risk Assurance Consulting Tel. +357 - 22 555 570 christos.tsolakis@cy.pwc.com Demos Demou Manager Risk Assurance Consulting Tel. +357 - 22 555 056 demos.demou@cy.pwc.com Efthyvoulos Efthyvoulou Manager Risk Assurance Consulting Tel. +357 - 22 555 460 efhtyvoulos.efthyvoulou@cy.pwc.com Alexis Thomas Manager Risk Assurance Consulting Tel. +357 - 22 555 625 alexis.thomas@cy.pwc.com www.pwc.com.cy/technology PwC Cyprus Julia House 3 Themistocles Dervis Street CY-1066 Nicosia, Cyprus P O Box 21612 CY-1591 Nicosia, Cyprus www.pwc.com.cy Risk Assurance Consulting (RAC) This content is for general information purposes only, and should not be used as a substitute for consultation with PricewaterhouseCoopers Ltd. All rights reserved. PwC refers to the Cyprus member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details Your contacts for IT Governance & Security matters in PwC @cy.pwc.com technology-conculting November 2013 This content is for general information purposes only, and should not be used as a substitute for consultation with PricewaterhouseCoopers Ltd. All rights reserved. PwC refers to the Cyprus member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see www.pwc.com/structure for further details Your contacts for IT Governance & Security matters in PwC