CASES.LU

Risk management: from directive 95/46 to the GDPR

From 2000 to 2005, the field of information security was in a state of flux, with experts waiting to see who would impose the first set of international standards. The English were one step ahead, and so the first standard to appear was ISO/IEC 17799 on best practices in information security (established in 2000, this later became ISO/IEC 27002). Next came ISO/IEC 27001, which introduced the notion of the information security management system, or ISMS (using certification). These were then followed in 2008 by ISO 27005, which supplies the method for risk management. These standards have now become references; they have been fully fleshed out, and there is a natural tendency for national standards and methods to converge towards these international standards.

The GDPR, or General Data Protection Regulation, comes onto the scene at a time when all these standards have reached maturity, are stable, and are widespread throughout Europe…

For more information concerning the obligations for your organisation, you can read the brochure from the CNPD.
