Category Archives: Security Certification

ISO 27001, Compliance

Public availability of ISO/IEC 29100:2011 Privacy framework

Last May, at the ISO SC27 meeting held at Sophia Antipolis, WG5 Identity Management and Privacy Technologies voted to make the ISO 29100 Privacy framework a public document. After JTC 1 Plenary endorsement at the November 2013 meeting, the standard is now available at http://standards.iso.org/ittf/PubliclyAvailableStandards/index.html (search for 29100). Another document listed there is ISO 27000 Information security management systems — Overview and vocabulary.

For most people in the IT security industry, the relationship between owner, processor and user of PII is confusing. Table I in ISO 29100 provides a clear and user-friendly way to understand their relationships.

Note from the 2016 SC27 WG5 meetings: A new edition improving consistency and language is planned. The new version shall be ready next year.

Privacy Protection Principles: comparing ISO 29100 with Singapore and Hong Kong legislation

ISO29100

What happens without a Christmas tree

Recently, I have been involved in cloud security discussions on different occasions. As Christmas is coming, I think it is worth repeating a point I made in 2005 via the securityfocus.com mailing list, which is still valid. It concerns BS7799 and its controls.

“Without a Christmas tree, you can still have decorations but it would be a mess. With a Christmas tree, the decorations fit into a big picture and you can see where needs what.”

URL: http://www.securityfocus.com/archive/134/412802/30/480/threaded