Changes in the New ISO/IEC 27001 and ISO/IEC 27002
The ISO/IEC 27001 standard for information security management is currently being revised, while the new version of ISO/IEC 27002 was published in February this year (2022).
What is the difference between ISO/IEC 27001 and ISO/IEC 27002?
Organizations can be certified against ISO/IEC 27001, because it states the requirements for an information security management system (ISMS); ISO/IEC 27002 is a guidance document and certification against it is not possible.
The ISO/IEC 27001 standard provides the framework and requirements for an information security management system, while ISO/IEC 27002 provides guidelines for information security management practices, including the selection, implementation and management of controls, taking into account the organization's information security risks.
The new ISO/IEC 27002:2022 standard (whose control set the revised ISO/IEC 27001 adopts in its Annex A) introduces a number of changes, including:
- 93 controls grouped into 4 themes (organizational, people, physical, technological), compared with 114 controls in 14 domains previously; the reduction comes mainly from merging existing controls, not only from removing them
- Each control carries 5 attributes, which can be used to filter and sort the controls:
  - Control type: preventive, detective, corrective
  - Information security properties: confidentiality, integrity, availability (CIA)
  - Cybersecurity concepts (aligned with the NIST Cybersecurity Framework functions): identify, protect, detect, respond, recover
  - Operational capabilities: governance, asset management, information protection, human resource security, etc.
  - Security domains: governance and ecosystem, protection, defence, resilience
The new ISO/IEC 27002:2022 standard also introduces 11 new controls:
- Threat intelligence
- Information security for use of cloud services
- ICT readiness for business continuity
- Physical security monitoring
- Configuration management
- Information deletion
- Data masking
- Data leakage prevention
- Monitoring activities
- Web filtering
- Secure coding
Note that identity management (control 5.16) is not a new control; it consolidates the existing user registration and identity controls of the 2013 edition.
If you have any questions or concerns, feel free to contact BM Certification, we always keep up to date and are able to find answers to your questions. https://bmcertification.com/contacts/
Find out more about the current ISO/IEC 27001 standard on our website: https://bmcertification.com/information-security-and-data-security/iso-27001-information-security-management-system/
The new ISO/IEC 27002:2022 is available here: https://www.iso.org/standard/75652.html