There are some important changes introduced in ISO/IEC 27001:2013.
Regarding the structure of this new version:
14 domains in version 2013 instead of 11 in version 2005.
The 3 new domains are:
- A.10: Cryptographic technology
- A.12: Operational security
- A.15: Security for suppliers and third parties
114 controls in version 2013 instead of 133 in version 2005.
The new controls are:
- A.6.1.5 Information security in project management
- A.12.6.2 Restrictions on software installation
- A.14.2.1 Secure development policy
- A.14.2.5 Secure system engineering principles
- A.14.2.6 Secure development environment
- A.14.2.8 System security testing
- A.15.1.1 Information security policy for supplier relationships
- A.15.1.3 Information and communication technology supply chain
- A.16.1.4 Assessment of and decision on information security events
- A.16.1.5 Response to information security incidents
- A.17.2.1 Availability of information processing facilities
More details on the comparison of these two versions are at: http://www.slideshare.net/RamiroCid/iso-270012013
ISO 31000:2009 is a standard published on 13 November 2009 that provides principles, a framework and a process for implementing risk management. It can be used by any organization regardless of its size, activity or sector.
Using ISO 31000 can help organizations increase the likelihood of achieving their objectives, improve the identification of opportunities and threats, and allocate and use resources for risk treatment effectively.
The ISO 31000 family is expected to include:
* ISO 31000:2009 – Principles and Guidelines on Implementation
* ISO/IEC 31010:2009 – Risk Management – Risk Assessment Techniques
* ISO Guide 73:2009 – Risk Management – Vocabulary
Lean IT is an extension of Lean manufacturing and Lean services principles to the development and management of information technology (IT) products and services.
The Lean concept and principles are not new, having been developed by Toyota some decades ago, but the application of Lean to IT is new.
The central concern of Lean IT, applied in the context of IT, is the elimination of waste (or “fat”), where waste is work that adds no value to a product or service developed or delivered by the company.
The approach is a way of thinking and acting, focusing heavily on organizational culture.
Lean IT is concerned with the development and management of information technology products and services.
As lean manufacturing has become more widely implemented, the extension of lean principles is beginning to spread to IT (and other service industries). Industry analysts have identified many similarities or analogues between IT and manufacturing.
Consultants and evangelists for Lean IT identify an abundance of waste across the business service “production line”, including legacy infrastructure and fractured processes.
Lean Principles are concerned with:
- Increasing customer value
- Eliminating waste (work that does not add value)
- Management as a facilitator
- The involvement of all employees
- Continual improvement
- Preserving value with less work.
Growing with Lean IT:
- Lean management applied to IT maintenance and operations
- Lean IT to develop outstanding products
- Lean as a competitive advantage for IS service providers
- Information systems supporting the lean company.
IT governance has its own ISO standard: ISO/IEC 38500:2008, “Corporate governance of information technology”.
This standard was published in June 2008 and complements the set of ISO standards that affect information systems and technologies (such as ISO/IEC 27001, ISO/IEC 20000, etc.).
The standard sets out what constitutes good management of the business processes and decisions related to information and communication services, which are usually handled by IS/IT specialists, either internal to the organization, within other business units, or as external service suppliers. In essence, what the standard proposes can be summarized in three main purposes:
a) Ensure that, if the standard is followed properly, stakeholders (managers, consultants, engineers, hardware vendors, auditors, etc.) can rely on the corporate governance of IT.
b) Provide information and guidance to the managers who control the use of IS/IT in their organization or company.
c) Provide a basis for the objective evaluation of IT management by top management. Likewise, the standard encourages adopting a minimum set of measures so that the organization achieves its IT goals.
All of these are translated into 6 basic principles:
1. The assignment of decision-making responsibilities to competent people
2. Alignment of IT with the strategic objectives of the organization (good planning supports the improvement of the organization)
3. Investment in suitable IT assets
4. Quality in the operation of IT systems
5. Ensuring the legal and regulatory compliance of IT systems
6. The involvement of, and respect for, the human factor
Two remarks on the last two:
- Compliance with the legal environment is a growing need for IS/IT organizations of any size, as there is a great deal of legislation regulating the use of information, communications, etc., forming a binding legal framework that cannot be ignored.
- The human factor is often treated very tangentially in many business strategies and, above all, in IS/IT. Fortunately, this standard (as ISO 27001 does, for example, in its domain “8. Security linked to Human Resources”) incorporates it as one more fundamental pillar.
Companies increasingly have a presence on the Internet, whether actively or through the actions of users and customers in opinion forums, blogs, etc.
As a result, monitoring the assessment that the public makes of our business or organization on the Internet is becoming more important, and proper management of online corporate reputation is becoming increasingly critical.
Digital identity and online corporate reputation are today very important aspects that companies should not neglect, because failing to manage them properly exposes the organization to privacy and security risks that can affect the image of the company in the virtual environment.
To address these problems, together with the online positioning and reputation the organization wants to achieve, one option any business can choose is to carry out the successful creation and management of its digital corporate identity.
In recent years, roles marketed as “Community Manager” or SEO have had a growing presence in recruitment processes, showing that companies are beginning to take seriously the sound management of their identity and reputation on the Internet.
INTECO has developed a complete guide in PDF format.