In times when Cloud Computing, Internet of Things, mobile devices (including environments BYOD) are an increasingly widespread reality (and unstoppable future), thereby opening backdoors to our corporate network (and their respective threats), which place touches the IT security officer to manage an increasingly large number of hits and risks? Where is our corporate perimeter? Block accesses can talk or we have only to settle for being resilient to attacks due to a lack of control visibility and access control? Many doubts are raised, the market has responded and there are technological and non-technological solutions that seek to remedy the growing risk are suffering the organizations withRead More →

There are some important changes introduced on version ISO/IEC 27001:2013 Regarding the structure of this new version: More Domains: 14 domains in version 2013 instead of 11 in version 2005. The 3 new domains are: A.10: Cryptographic technology A.12: Operational security A.15: Security for suppliers and third parties Less Controls: 114 controls in version 2013 instead 133 in version 2005 The new controls are: A.6.1.5 Information security in project management A.12.6.2 Restrictions on software installation A.14.2.1 Secure development policy A.14.2.5 Secure system engineering principles A.14.2.6 Secure development environment A.14.2.8 System security testing A.15.1.1 Information security policy for supplier relationships A.15.1.3 Information and communication technology supply chainRead More →