All bloggings

Graças a Filipe Nicacio, agora oferecemos traduções para português brasileiro de alguns materiais do ISO27k Toolkit . Pedimos desculpas por eventuais erros: não consigo revisá-los, pois a única palavra em português que sei é "Obrigado!"... e meu sotaque é péssimo! [Courtesy of Filipe Nicacio, we now offer Brazilian Portuguese translations of some of the ISO27k Toolkit materials. Sorry about any mistakes: I can't really check them since about the only word of Portuguese I kno

ISO/IEC 27002 - a generic catalogue of commonplace information security controls - expands substantially on Annex A of ISO/IEC 27001 . Each of the 93 single-sentence control statements in Annex A merits about a page of more detailed explanation and guidance in '27002 ... but those details mean more work for ISO/IEC JTC 1/SC27 to maintain the standard. The committee is forever chasing after changes in the field such as the meteoric rise of generative AI since the release of C

Having now reached F inal D raft I nternational S tandard stage, ISO/IEC 27090 " Guidance for addressing security threats and compromises to artificial intelligence systems " is on-track for publication later this year, hopefully. This is a timely standard, giving the explosion of AI-with-everything at the moment. Hopefully it will prompt smart (and not-so-smart!) organisations to think carefully about the information risks associated with their use of AI, prioritising the

ISO/IEC 27565:2026 is a brand new ISO27k standard on Z ero- K nowledge P roofs. It explains how to go about collecting and verifying personal information for various legitimate purposes without 'over-collecting' i.e. requiring and gathering additional information beyond that strictly needed for the stated purpose - verifying whether a statement or claim is or is not true. Age verification is a common example. A new law in Australia, for instance, prohibits youngsters from