ISO/IEC 27001:2013 (Draft major changes)

Recently I went to a forum about ISO/IEC 27001. At the end of the forum, what caught my attention was the changes in the new draft version, where the main approach is to standardise all ISO normalisation documents to SL Annex. Here is a list of the main changes:

  1. Definitions are gone from ISO/IEC 27001, now ISO/IEC 27000 definitions apply.
  2. PDCA model removed, continuous improvement is inherent.
  3. +28 new mandatory requirements for a total of 130.
  4. Inclusion of new sections.
  5. Implementation order is irrelevant, what matters is getting compliant.
  6. Risk owner is the new role for the risk assessment process.
  7. -19 controls in Annex A, going from 133 in version 2005 to 114 in the new draft.

There are a couple more changes, but I think these are the most relevant.

pfSense is awesome!

I recently did a job with pfSense (a complete secure perimeter FreeBSD distribution) and was thinking of blogging something about it. I have known it since its very early beginnings and was amused by the promising list of features, and I'm glad to realize that today the project is beyond its initial scope. This can only be achieved by the Open Source/Free Software model, and we all benefit from it in so many ways! If you’re interested, give it a try. And if you need any help, here we are 😉