March 28, 2024
Since its initial publication in 2005, the International Organization for Standardization’s ISO 27001 has served as the information security industry’s gold standard for the design of information security programs. The standard defines the high-level requirements that all information security programs should address and provides a structure for evaluating the completeness of an organization’s program. While relatively few organizations pursue formal ISO 27001 certification, many use the standard as both a blueprint for designing a comprehensive set of security controls and a yardstick for measuring existing security programs.
Last September, ISO 27001 received its first major update, with the release of ISO 27001:2013. This new standard accomplishes two main objectives: updating the content of the standard to reflect developments in the security world over the past decade and reorganizing the standard to better align with other international standards.
Read more: ISO 27001:2013 update: What changes?
Published March 14, 2014 on SearchSecurity.com