All bloggings


27000 & 27017 updates "soon-as"
Updates to both ISO/IEC 27000 and ISO/IEC 27017 have passed their votes at FDIS stage. 27000 (the overview and introduction to the ISO27k standards) received just a few minor comments and should be released very soon (which means within months, in ISO-land). 27017 (cloud security) received about 10 pages of comments - mostly minor grammatical corrections though, so it too remains on-track for release soon (hopefully this year). They should be published "soon-as". I often moa
2 hours ago · 2 min read


Portuguese toolkit materials
Graças a Filipe Nicacio, agora oferecemos traduções para português brasileiro de alguns materiais do ISO27k Toolkit. Pedimos desculpas por eventuais erros: não consigo revisá-los, pois a única palavra em português que sei é "Obrigado!"... e meu sotaque é péssimo! [Courtesy of Filipe Nicacio, we now offer Brazilian Portuguese translations of some of the ISO27k Toolkit materials. Sorry about any mistakes: I can't really check them since about the only word of Portuguese I kno
Apr 22 · 1 min read


Losing faith in ISO27k
ISO/IEC 27002 - a generic catalogue of commonplace information security controls - expands substantially on Annex A of ISO/IEC 27001. Each of the 93 single-sentence control statements in Annex A merits about a page of more detailed explanation and guidance in '27002 ... but those details mean more work for ISO/IEC JTC 1/SC27 to maintain the standard. The committee is forever chasing after changes in the field such as the meteoric rise of generative AI since the release of C
Apr 16 · 4 min read


AI security standard at FDIS
Having now reached Final Draft International Standard stage, ISO/IEC 27090 "Guidance for addressing security threats and compromises to artificial intelligence systems" is on-track for publication later this year, hopefully. This is a timely standard, given the explosion of AI-with-everything at the moment. Hopefully it will prompt smart (and not-so-smart!) organisations to think carefully about the information risks associated with their use of AI, prioritising the
Feb 20 · 1 min read
