NEWS

Since the beginning of 2016 the International Organization for Standardization (ISO) has published the following new standards and new editions of existing standards:

ISO/IEC 27000:2016 - Information technology - Security techniques - Information security management systems - Overview and vocabulary
ISO/IEC 27003:2017 - Information technology - Security techniques - Information security management systems - Guidance
ISO/IEC 27004:2016 - Information technology - Security techniques - Information security management - Monitoring, measurement, analysis and evaluation
ISO/IEC 27009:2016 - Information technology - Security techniques - Sector-specific application of ISO/IEC 27001 - Requirements
ISO/IEC 27011:2016 - Information technology - Security techniques - Code of practice for information security controls based on ISO/IEC 27002 for telecommunications organizations
ISO/IEC 27034-6:2016 - Information technology - Security techniques - Application security - Part 6: Case studies
ISO/IEC 27035-1:2016 - Information technology - Security techniques - Information security incident management - Part 1: Principles of incident management
ISO/IEC 27035-2:2016 - Information technology - Security techniques - Information security incident management - Part 2: Guidelines to plan and prepare for incident response
ISO/IEC 27036-4:2016 - Information technology - Security techniques - Information security for supplier relationships - Part 4: Guidelines for security of cloud services
ISO/IEC 27050-1:2016 - Information technology - Security techniques - Electronic discovery - Part 1: Overview and concepts
ISO 27799:2016 - Health informatics - Information security management in health using ISO/IEC 27002

----------------------

Since the beginning of 2015 the International Organization for Standardization (ISO) has published three new standards from the ISO/IEC 27000 family of standards:

ISO/IEC 27039:2015 - Information technology - Security techniques - Selection, deployment and operations of intrusion detection and prevention systems (IDPS) provides guidelines to assist organizations in preparing to deploy intrusion detection and prevention systems. In particular, it addresses the selection, deployment and operation of IDPS, and it provides the background information from which these guidelines are derived.

ISO/IEC 27040:2015 - Information technology - Security techniques - Storage security provides detailed technical guidance on how organizations can define an appropriate level of risk mitigation by employing a well-proven and consistent approach to the planning, design, documentation and implementation of data storage security. The standard gives an overview of storage security concepts and related definitions, and includes guidance on the threat, design and control aspects associated with typical storage scenarios and storage technology areas. In addition, it references other International Standards and technical reports that address existing practices and techniques applicable to storage security.

ISO/IEC 27043:2015 - Information technology - Security techniques - Incident investigation principles and processes provides guidelines based on idealized models for common incident investigation processes across various investigation scenarios involving digital evidence. This includes processes from pre-incident preparation through investigation closure, together with general advice and caveats on such processes. The guidelines describe processes and principles applicable to various kinds of investigations, including, but not limited to, unauthorized access, data corruption, system crashes and corporate breaches of information security, as well as any other digital investigation.

-----------
Management Systems Consulting Services (MSCServices) Ltd. has signed a contract with the international personnel certification organization Professional Evaluation and Certification Board (PECB), Montreal, and has obtained the status of PECB accredited training partner. MSCServices Ltd. has thereby won the right to organize specialized PECB trainings. Trainees who successfully complete the training and the exam receive a PECB certificate bearing the logo of the American accreditation organization ANSI.
----------
The International Organization for Standardization (ISO) has published new standards and new editions of standards in the ISO 9000, ISO 20000 and ISO 31000 groups.

The standard ISO/IEC TR 90006:2013 Information technology - Guidelines for the application of ISO 9001:2008 to IT service management and its integration with ISO/IEC 20000-1:2011 provides guidance on the application of ISO 9001:2008 to IT service management. Additionally, ISO/IEC TR 90006:2013 provides guidance for the alignment and integration of a quality management system (QMS) and a service management system (SMS) in organizations where services are provided to internal or external customers.

The standard ISO/IEC TR 20000-5:2013 Information technology - Service management - Part 5: Exemplar implementation plan for ISO/IEC 20000-1 is a sample implementation plan providing guidance on how to implement a service management system (SMS) that fulfils the requirements of ISO/IEC 20000-1:2011.

The standard ISO/IEC TR 20000-10:2013 Information technology - Service management - Part 10: Concepts and terminology provides an overview of the concepts and terminology of ISO/IEC 20000. It provides a common framework to help organizations understand the purpose of all parts of ISO/IEC 20000 and the relationships between them.

The standard ISO/TR 31004:2013 Risk management - Guidance for the implementation of ISO 31000 provides organizations with guidance on effective risk management through the implementation of ISO 31000:2009. The standard can be used by any public, private or community enterprise, association, group or individual.

------------
The International Organization for Standardization (ISO) has published the new editions of the standards ISO/IEC 27001:2013 and ISO/IEC 27002:2013. Organizations certified against ISO/IEC 27001:2005 have two years to migrate to the new edition of the standard.

------------
The International Organization for Standardization (ISO) has published two new standards of the ISO/IEC 27000 series. A further 45 standards of the series are under development or revision.

ISO/IEC TR 27019:2013 Information technology - Security techniques - Information security management guidelines based on ISO/IEC 27002 for process control systems specific to the energy utility industry provides guidelines based on ISO/IEC 27002 for information security management applied to the process control systems used in the energy utility industry. The aim of ISO/IEC TR 27019:2013 is to extend the ISO/IEC 27000 set of standards to the domain of process control systems and automation technology, allowing the energy utility industry to implement a standardized information security management system (ISMS) in accordance with ISO/IEC 27001 that extends from the business level down to the process control level.
The scope of ISO/IEC TR 27019:2013 covers process control systems used by the energy utility industry for controlling and monitoring the generation, transmission, storage and distribution of electric power, gas and heat, together with the control of supporting processes.

ISO/IEC 27033-5:2013 Information technology - Security techniques - Network security - Part 5: Securing communications across networks using Virtual Private Networks (VPNs) provides guidelines for the selection, implementation and monitoring of the technical controls necessary to provide network security when Virtual Private Network (VPN) connections are used to interconnect networks and to connect remote users to networks.

-------------
The International Organization for Standardization (ISO) has issued a new standard of the ISO/IEC 27000 series. ISO/IEC 27014:2013 "Information technology - Security techniques - Governance of information security" provides guidance on the concepts and principles for the governance of information security, by which organizations can evaluate, direct, monitor and communicate the information security related activities within the organization. The standard is applicable to organizations of all types and sizes.

-------------
The International Organization for Standardization (ISO) has issued six new standards of the ISO/IEC 27000 series, among them:

The standard ISO/IEC 27000:2012 "Information technology - Security techniques - Information security management systems - Overview and vocabulary" describes the overview and the vocabulary of information security management systems, which form the subject of the ISMS family of standards, and defines the related terms and definitions.

The standard ISO/IEC 27013:2012 "Information technology - Security techniques - Guidance on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1" provides guidelines on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1 for organizations which intend to either
- implement ISO/IEC 27001 when ISO/IEC 20000-1 is already implemented, or vice versa;
- implement both ISO/IEC 27001 and ISO/IEC 20000-1 together;
- integrate existing ISO/IEC 27001 and ISO/IEC 20000-1 management systems.
ISO/IEC 27013:2012 focuses exclusively on the integrated implementation of ISO/IEC 27001 and ISO/IEC 20000-1.

The standard ISO/IEC TR 27015:2012 "Information technology - Security techniques - Information security management guidelines for financial services" provides information security guidance complementing, and in addition to, the information security controls defined in ISO/IEC 27002:2005, for initiating, implementing, maintaining and improving information security within organizations providing financial services.

The standard ISO/IEC 27032:2012 "Information technology - Security techniques - Guidelines for cybersecurity" provides guidance for improving the state of cybersecurity, drawing out the unique aspects of that activity and its dependencies on other security domains, in particular information security, network security, internet security and critical information infrastructure protection (CIIP). It covers the baseline security practices for stakeholders in cyberspace.

The standard ISO/IEC 27033-2:2012 "Information technology - Security techniques - Network security - Part 2: Guidelines for the design and implementation of network security" gives guidelines for organizations to plan, design, implement and document network security.

---------------
The International Organization for Standardization (ISO) has issued the new standard ISO/IEC 27010:2012 "Information technology - Security techniques - Information security management for inter-sector and inter-organizational communications". The standard provides guidelines, in addition to the guidance given in the ISO/IEC 27000 family of standards, for implementing information security management within information sharing communities. ISO/IEC 27010:2012 provides controls and guidance specifically relating to initiating, implementing, maintaining and improving information security in inter-organizational and inter-sector communications. It is applicable to all forms of exchange and sharing of sensitive information, both public and private, nationally and internationally, within the same industry or market sector or between sectors. In particular, it may be applicable to information exchange and sharing relating to the provision, maintenance and protection of an organization's or a nation state's critical infrastructure.

----------------
The new edition of the International Standard ISO/IEC 27001 is under development. Some of the expected changes of interest:
- the Statement of Applicability will refer to Annex A of the standard;
- new details in the requirements for the risk treatment plan: the plan must include all risks, including accepted risks.
The new edition of ISO/IEC 27001 is expected to be published by the International Organization for Standardization (ISO) in late 2012 or early 2013.

-----------------
The International Organization for Standardization (ISO) has issued the new standard ISO 22301:2012 "Societal security - Business continuity management systems - Requirements", which replaces the currently popular BS 25999-2. The new standard retains all the basic principles of BS 25999-2 and formulates a clear PDCA model. It introduces the structure of ISO 9001, ISO 14001 and ISO 27001 and refines a number of requirements.

-----------------
The International Organization for Standardization (ISO) has issued a new edition of the standard ISO/IEC 20000-2: ISO/IEC 20000-2:2012 - Information technology - Service management - Part 2: Guidance on the application of service management systems. The standard enables organizations and individuals to interpret ISO/IEC 20000-1 more accurately, and therefore to use it more effectively. The guidance includes examples and suggestions to enable organizations to interpret and apply ISO/IEC 20000-1, including references to other parts of ISO/IEC 20000 and to other relevant standards.

-----------------
The International Organization for Standardization (ISO) issued several new standards of the ISO/IEC 27000 series in the second half of 2011. We present them to your attention:
- ISO/IEC 27006:2011 - Information technology - Security techniques - Requirements for bodies providing audit and certification of information security management systems
- ISO/IEC 27007:2011 - Information technology - Security techniques - Guidelines for information security management systems auditing
- ISO/IEC TR 27008:2011 - Information technology - Security techniques - Guidelines for auditors on information security controls
- ISO/IEC 27031:2011 - Information technology - Security techniques - Guidelines for information and communication technology readiness for business continuity
- ISO/IEC 27034-1:2011 - Information technology - Security techniques - Application security - Part 1: Overview and concepts
- ISO/IEC 27035:2011 - Information technology - Security techniques - Information security incident management
Under development are 29 new standards and new editions of standards of the ISO/IEC 27000 series, which will support specific areas of implementation of information security management systems.

-----------------
ISO/IEC 27005:2011, the new edition of the standard for information security risk management, has been published and is available to interested parties. The standard is an excellent tool for successfully addressing one of the most important tasks in the implementation and development of an information security management system: information security risk assessment and risk treatment. The main changes in the new edition are its alignment with ISO 31000:2009 "Risk management - Principles and guidelines" and a better systematization of the content.

-----------------
The new standard ISO/DIS 22301 "Societal security - Preparedness and continuity management systems - Requirements", which will replace the currently popular BS 25999-2, is expected to be published in November 2011. Based on the draft of the new standard published on the BSI Draft Review website, it will retain all the basic principles of BS 25999-2, will formulate a clear PDCA model, will introduce the structure of ISO 9001, ISO 14001 and ISO 27001, and will refine a number of requirements. Organizations certified under BS 25999-2 are expected to migrate to the new standard within two years.
