Changes in the New ISO/IEC 27001 and ISO/IEC 27002
The ISO/IEC 27001 standard for information security management is currently being revised, while a new version of the ISO/IEC 27002 standard was published in February this year.
What is the difference between ISO/IEC 27001 and ISO/IEC 27002?
Companies can be certified against ISO/IEC 27001, but not against ISO/IEC 27002, which is a guidance document rather than a certifiable standard.
The ISO/IEC 27001 standard provides the framework for an information security management system, while ISO/IEC 27002 provides guidelines for information security management practices, including the selection, implementation and management of controls, taking into account the organization's information security risks.
The new ISO/IEC 27001:2022 standard introduces a number of changes, including:
- The new standard has 93 controls grouped into 4 domains (previously 114 controls in 14 domains)
- Each control has 5 attributes:
  - Control type (how the control is categorized): preventive, detective, corrective
  - Information security properties: confidentiality, integrity, availability (CIA)
  - Cybersecurity concepts: identify, protect, detect, respond, recover
  - Operational capabilities: governance, asset management, information security, human resource security, etc.
  - Security domains: governance, protection, resilience
The new ISO/IEC 27001:2022 standard introduces new controls, including:
- Identity management
- Deletion of information
- Data masking
If you have any questions or concerns, feel free to contact BM Certification; we always keep up to date and are able to find answers to your questions: https://bmcertification.com/contacts/
Find out more about the current ISO/IEC 27001 standard on our website: https://bmcertification.com/information-security-and-data-security/iso-27001-information-security-management-system/
The new ISO/IEC 27002:2022 is available here: https://www.iso.org/standard/75652.html