Guest post Created: Jan 12, 2016 Last commented: Jan 12, 2016

Incident management procedure-A.16.1.5 is new control?

Hi in standard ISO27001:2013 and in step 10 transmission steps document, Incident management procedure (control A.16.1.5) is new control who describe how to respond to different types of incidents, who is responsible for what, who must be informed, etc but in ISO 27001 2005 revision, information security incident management : reporting information security events and weakness(A.13.1 control) management of information security incidents and improvement(A.13.2 control) is already exist. what difference between scope and interfaces? please explain difference both of them. thanks

0 0

Assign topic to the user

Select user

Guest

Guest post Jan 12, 2016

security expert said

in standard ISO27001:2013 and in step 10 transmission steps document,
Incident management procedure (control A.16.1.5) is new control who describe how to respond to different types of incidents, who is responsible for what, who must be informed, etc
but in ISO 27001 2005 revision, information security incident management :
reporting information security events and weakness(A.13.1 control)
management of information security incidents and improvement(A.13.2 control)
is already exist.

what difference between control A.16.1.5 from new revision and A.13.1 & A.13.2 controls from 2005 revision?
please explain difference both of them.

thanks

Quote

0 0

Guest

DejanK Jan 12, 2016

I basically agree with you there is no big difference between incident management controls in ISO 27001:2005 and ISO 27001:2013; the only difference is that control A.16.1.5 of 2013 revision requires incident procedures to be documented, while controls in 2005 revision did not have such requirement.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community