
Finally, the long-awaited revision of #iso27001 has been published.

The 2022 version of the standard can be purchased from https://lnkd.in/dUFMjM2c

The preview of the new version is available at https://lnkd.in/dudqUc_H

High-level summary of changes:

● The title has changed to ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection — Information security management systems — Requirements

● Clauses 9.2 (Internal audit) and 9.3 (Management review) are each split into sub-clauses:

• 9.2.1 General
• 9.2.2 Internal audit programme
• 9.3.1 General
• 9.3.2 Management review inputs
• 9.3.3 Management review results

● The order of the following two sub-clauses of Clause 10 has been swapped:

• 10.1 Continual improvement (previously 10.2)
• 10.2 Nonconformity and corrective action (previously 10.1)

● Although new text has been added and some existing text rearranged in the main clauses (4 to 10), these changes only clarify the existing requirements and do not add new ones

● Annex A is now titled Information security controls reference

● The main changes in Annex A follow the restructuring of ISO/IEC 27002:2022:

• controls are regrouped into 4 themes (the term ISO/IEC 27002:2022 uses) instead of the previous 14 domains:
5. Organizational (37 controls);
6. People (8 controls);
7. Physical (14 controls); and
8. Technological (34 controls)

• 11 new controls have been introduced to address developments in technology and industry practice:
A.5.7 Threat intelligence
A.5.23 Information security for use of cloud services
A.5.30 ICT readiness for business continuity
A.7.4 Physical security monitoring
A.8.9 Configuration management
A.8.10 Information deletion
A.8.11 Data masking
A.8.12 Data leakage prevention
A.8.16 Monitoring activities
A.8.23 Web filtering
A.8.28 Secure coding

• The outdated 'A.6.2.2 Teleworking' has been updated to 'A.6.7 Remote working'

• similar controls have been merged into single controls to reduce redundancy (57 previous controls merged into 24)

• the total number of controls has been reduced from 114 to 93

• each control has also been assigned attributes for easier classification and management:
- Control type: Preventive, Detective, Corrective
- Information security properties: Confidentiality, Integrity, Availability
- Cybersecurity concepts: Identify, Protect, Detect, Respond, Recover
- Operational capabilities: e.g. Continuity, Physical security, Information security event management
- Security domains: Governance and Ecosystem, Protection, Defence, Resilience

https://www.iso.org/obp/ui/#iso:std:iso-iec:27001:ed-3:v1:en
