Abstract
After eight years, the ISMS standard ISO/IEC 27001 was revised in 2013. A great deal of practical experience has gone into this revision, with the aim of making it easier to work with the new standard. This article presents the essential changes in the standard itself and in Annex A. To say it up front: the changes are neither trivial nor revolutionary, but for the most part practically relevant improvements.
Author information
Kai Jendrian is a security consultant at Secorvo Security Consulting GmbH, a licensed auditor and a member of the board of the German OWASP chapter. His consulting focus is information security management and application security.
Cite this article
Jendrian, K. Der Standard ISO/IEC 27001:2013. Datenschutz Datensich 38, 552–557 (2014). https://doi.org/10.1007/s11623-014-0182-x