ISO/IEC 27701:2019 was published in August 2019. This new ISO comes from ISO/IEC 27552:2019 (published a month before). It is a certifiable privacy extension of ISO/IEC 27001:2013. ISO/IEC 27701:2019 describes a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls and reduce the risk to people's privacy rights. ISO/IEC 27701:2019 contains 263 controls in 8 main sections of requirements and controls, organized by the orientation with which an organization should implement them: ISO scope, references, terms; Context of the organization; Leadership; Planning; Support; Operation; Performance evaluation; Improvement. ISO/IEC 27701:2019 focuses Read More →

At a time when cloud computing, the Internet of Things and mobile devices (including BYOD environments) are an increasingly widespread reality (and an unstoppable future), opening backdoors into our corporate network (with their respective threats), what role falls to the IT security officer in managing an increasingly large number of hits and risks? Where is our corporate perimeter? Can we talk about blocking access, or must we settle for being resilient to attacks because we lack visibility and access control? Many doubts are raised; the market has responded, and there are technological and non-technological solutions that seek to remedy the growing risk that organizations are suffering with Read More →

ISO/IEC 27001:2013 introduces some important changes. Regarding the structure of this new version:

More domains: 14 domains in version 2013 instead of 11 in version 2005. The 3 new domains are: A.10: Cryptographic technology; A.12: Operational security; A.15: Security for suppliers and third parties.

Fewer controls: 114 controls in version 2013 instead of 133 in version 2005. The new controls are: A.6.1.5 Information security in project management; A.12.6.2 Restrictions on software installation; A.14.2.1 Secure development policy; A.14.2.5 Secure system engineering principles; A.14.2.6 Secure development environment; A.14.2.8 System security testing; A.15.1.1 Information security policy for supplier relationships; A.15.1.3 Information and communication technology supply chain Read More →