What's New in ISO 27001 - 200-6
➢ Annexure A changes
• Organizational controls – 37
• People controls – 8
• Physical controls – 14
• Technological controls – 34
• Annex A – Using attributes
• Annex B – Correspondence with ISO 27001:2013
• Clause: Organizational controls
• Controls: 5.7 Threat intelligence
2. Control Classification
3. Security Domain
5. Operational Capabilities
E.g. 5.1 authentication information
• Control type: Preventive
• Information security attributes: C, I, A
• Cyber security concept: Protect
• Operational Capabilities: IAM
• Security Domain: Protection
Control type
❖ #Preventive
❖ #Detective
❖ #Corrective
Cyber security concept
❖ #Identify
❖ #Protect
❖ #Detect
❖ #Respond
❖ #Recover
Classification
❖ #Confidentiality
❖ #Integrity
❖ #Availability
Security domains
❖ #Governance and Ecosystem
❖ #Resilience
❖ #Protection
❖ #Defence
Operational capabilities
❖ #Governance
❖ #Asset management
❖ #Information Protection
❖ #Human resource security
❖ #Physical security
❖ #System and network security
❖ #Application security
❖ #Secure configuration
❖ #IAM
❖ #Threat and vulnerability management
❖ #Continuity
❖ #Supplier relationship security
❖ #Legal and compliance