
Top 5 Reasons to get trained into the New ISO/IEC 27001:2013 ISMS

A lot of noise on the shore, a lot of stuff to read, a lot more people talking about the newer version of the Information Security ISO ISMS 27001:2013, right? Heads up, all information security managers, system administrators, ISO 27001 certified consultants and ISO 27001 certified auditors: it is time to hear properly about the new ISMS 27001:2013 and further uplift your proficiencies at the workplace.

The question boggling everyone across the certified 27001 community is: why? What is the need? How do you get trained? Will the changes be useful? I am here to answer all the questions raised by these newcomers.

Top 5 reasons to get along with the new standard ISMS 27001:2013

The high level structure preferences

The previous version, 27001:2005, was released 8 years back, and information technology has changed significantly in those years. This revision, ISO/IEC ISMS 27001:2013, is written in the new high level structure shared with all the new management system standards, which allows easy flexibility and integration when implementing any other management standard alongside it.

Risk Assessment and mitigation

The major role player and the centre of attraction in the new standard is the risk management process, which gives extreme flexibility to the risk owner. You identify the risk, analyse, track and document it, and handle the risk mitigation plan in terms of integrity and confidentiality, thus aligning the risk process with the risk management standard ISO 31000. The risk assessment plan is much clearer, more comprehensive and more objective, which is a requisite for IT security management. So there is good enough IT risk management in the process, and people will be better able to achieve the information security objectives.

Controls in Annexure A

The insertion of supply chain management security is seen in Annexure A. The controls have been revised in a way that helps in securing supplier relationships. Redundancy among the controls has been removed and they are now grouped more logically. Specific controls have also been added.

Changes in domains, control objectives and feature controls

The number of domains has increased, while the total number of controls has reduced. There are 14 domains, 35 control objectives and 112 detailed controls. One of the great clauses added is the assessment of and decision on information security events, which focuses on the incident response program.

Performance evaluation essentials

With ISMS 27001:2013, performance will be managed on a defined scale. This includes monitoring, measurement and analysis, internal audit and management review. Monitoring will define what you need to monitor, internal audit will focus on the specified measurements and clauses, and management review will review based on the audit results that fall under this category. This will give an uplift to the implementation of your IT security management process.

Knowing that IT security is a necessary requirement of any organization, and reviewing all the changes plotted here, I am sure your organization will gain huge benefits from an ISO 27001:2013 implementation, indispensable to organization-level requirements.
