The draft version of ISO/IEC 27002:2022 has drawn attention all over the world, especially among people who deal with information security. Let's look at what is changing.
The changes are mainly intended to simplify implementation: the number of controls has decreased from 114 to 93, and the controls are now grouped into 4 themes instead of the previous 14 domains. There are 11 new controls, no control has been deleted, and many controls have been merged.
The Areas That Remain The Same
The main body of ISO 27001, i.e., Clauses 4 to 10, remains unchanged.
These clauses cover:
Context of the organization: Interested Parties, Context, Scope
Leadership: Policy, Roles & Responsibilities
Planning and Operation: Risk Management
Support: Awareness, Communication, Document Control
Performance evaluation: Metric & Measurement, Internal Audit
Improvement: Corrective Action Plan
The changes are in the security controls listed in ISO 27001 Annex A.
Controls whose content is unchanged have been given new control numbers.
Six changes in ISO/IEC 27002:2022
1. The Structure:
The 14 domains of the 2013 version are replaced by 4 themes: Organizational controls (37), People controls (8), Physical controls (14) and Technological controls (34).
2. Number of controls
The new version reduces the number of controls from 114 to 93.
Technological progress, and a better understanding of how to apply security practices, appear to be the reasons for the change in the number of controls.
3. New Controls
The following eleven controls have been introduced in the new version of the standard:
Threat intelligence
Information security for use of cloud services
ICT readiness for business continuity
Physical security monitoring
Configuration management
Information deletion
Data masking
Data leakage prevention
Monitoring activities
Web filtering
Secure coding
4. Renamed Controls
For easier reading, twenty-three (23) controls have been renamed.
5. Merged controls
To make the control set more efficient, fifty-seven (57) controls have been merged into twenty-four (24) controls, so that related requirements are treated in a single control.
6. Split Controls
Only one control from ISO/IEC 27002:2013 has been split into two controls in ISO/IEC 27002:2022.
Because of the eleven new controls in ISO/IEC 27002:2022, risk assessment and documentation will be the first activities an organization needs to perform.
This is where the new ISO 27002 brings the most value: during the transition period, an organization will have a large set of best practices to follow, as well as a new set of attributes (control type, information security properties, cybersecurity concepts, operational capabilities and security domains) that make control selection more straightforward and more effective.
And because ISO 27002 is very detailed, the organization can still pick only what is appropriate for its own environment, which will make this transition easier.
Refer to our webinar content to understand the changes and learn more about the new controls.
You can also contact us for a pro bono discussion on how to implement these controls effectively in your environment, or for a cybersecurity assessment.