Comparison between ISO/IEC 27001:2013 and ISO/IEC 27001:2005
There are some important changes introduced on version ISO/IEC 27001:2013 Regarding the structure of this new version: More Domains: 14 domains in version 2013 instead of 11 in version 2005. The 3 new domains are: A.10: Cryptographic technology A.12: Operational security A.15: Security for suppliers and third parties Less Controls: 114 controls in version 2013 instead 133 in version 2005 The new controls are: A.6.1.5 Information security in project management A.12.6.2 Restrictions on software installation A.14.2.1 Secure development policy A.14.2.5 Secure system engineering principles A.14.2.6 Secure development environment A.14.2.8 System security testing A.15.1.1 Information security policy for supplier relationships A.15.1.3 Information and communication technology supply chainRead More →