Risk Management: from Directive 95/46 to the GDPR

From 2000 to 2005, the field of information security was in a state of flux, with experts waiting to see who would impose the first set of international standards. The English were one step ahead, and so the first standard to appear was ISO/IEC 17799 on best practices in information security (established in 2000, it later became ISO/IEC 27002). It was followed by ISO/IEC 27001, which introduced the notion of an ISMS (with certification), and then in 2008 by ISO 27005, which supplies the method for risk management. These standards have now become reference points: they have been fully fleshed out, and there is a natural tendency for national standards and methods to converge towards them.

The GDPR, or General Data Protection Regulation, comes onto the scene at a time when all these standards have reached maturity, are stable, and widespread throughout Europe...

Read the complete story on Securitymadein.lu...