ISO 27009 has joined the ISO 27000 family to help apply information security requirements to specific sectors with specific needs in this area.

The needs of sectors with specific characteristics have led to the creation of a new standard in the ISO 27000 family, ISO 27009.
With the increased use of new technologies, opportunities for many companies have grown exponentially, but so have the number and importance of the risks and threats that affect their day-to-day activity.

To respond to this new situation, the ISO 27000 family has been extended with new members that focus on specific sectors requiring specific considerations such as transport, telecommunications and infrastructure.

ISO 27001: 2014: Solutions to today’s threats.


If we look at the figures in the 2015 report “The Global State of Information Security Survey 2016”, we can see an increase of 38% in information security incidents globally, continuing a trend that has been rising for several years in number, frequency, severity and impact.

We also have to keep in mind that the targets have diversified: it is not only large organizations that are affected, SMEs have also entered the crosshairs. In general terms they suffer large losses of commercial information and/or intellectual property, as well as damage to the reputation of the brand, when they are directly or partially affected by one of these information security incidents.

At the end of the day, all these data and information are one of the most valuable assets and, at the same time, one of the most vulnerable, influencing business continuity and growth both in the present and in the future.

Given this scenario, the ISO 27001 information security management system, in its current 2014 version, has been revised and updated to suit the needs of business, market developments, new risks, threats and opportunities, the context, and the importance of the various stakeholders.

All this is to continue to ensure the confidentiality, integrity and availability of information, as well as the control and proper treatment of the related risks and threats to which your company is exposed and which may seriously affect it.

Thanks to its revision, ISO 27001:2014 is the perfect ally and a key strategic decision for all companies that are aware that the security of their information is key.

However, in this new framework, rules for specific sectors became necessary, and for this the ISO 27000 family has been extended with new members, some of them already published.

Cyberattack statistics show an increase in recent years


ISO 27009 recently published.
To help implement the information security requirements listed in ISO 27001:2014 in specific sectors, the ISO/IEC 27009 standard was recently published.

This new standard provides additional requirements and guidelines on top of the already known information security management system according to ISO 27001, to suit the specific characteristics and needs of sectors such as transport, health, finance and infrastructure.

ISO 27009 is designed to help implement sector-specific characteristics together with the information security requirements of ISO 27001.

In this way, it provides advice and guidance to standards developers and, as the International Organization for Standardization indicates, “ISO/IEC 27009 will ensure that the development of new, and the revision of existing, industry-specific standards can all adopt an approach that is consistent with ISO/IEC 27001. Therefore, it will provide advice on how to add to, refine or interpret the requirements of ISO/IEC 27001 and how to add or modify the implementation guidance of ISO/IEC 27002 for industry-specific use”.

ISO/IEC 27009, Information technology – Security techniques – Industry-specific application of ISO/IEC 27001, joins the ISO family of standards and will no doubt have a great impact on the future of the standards in this family related to information security.

Finally, we must emphasize not only the incorporation and role of ISO 27009: there are also standards already published, and another with an upcoming publication date, that focus on specific aspects relevant within this family, such as:

– ISO / IEC 27011: 2008 focused on telecommunications.

– ISO / IEC 27017: 2015 for the field of cloud computing.

– And ISO / IEC 27019 in the energy sector.
