May 16 2024

ISO 27001 Standard, Risk Assessment and Gap Assessment

Category: ISO 27kdisc7 @ 10:45 am

The core section of the standard retains its 11 clauses with minor modifications, while significant structural revisions have been implemented in the Annex A controls. Control categories have been rearranged, resulting in a reduction in the total number of controls. Broadly speaking, 11 new controls have been added, 57 controls have been consolidated, 23 controls have been rebranded, and three controls have been eliminated. The introduction of these 11 new controls underscores the heightened significance of Cloud, DevOps, and Personal Information, which have evolved over the past decade.

  • A.5.7 Threat intelligence 
  • A.5.23 Information security for the use of cloud services 
  • A.5.30 ICT readiness for business continuity 
  • A.7.4 Physical security monitoring 
  • A.8.9 Configuration management 
  • A.8.10 Information deletion 
  • A.8.11 Data masking 
  • A.8.12 Data leakage prevention 
  • A.14.1.4 Secure development policy 
  • A.16.2.4 Security of supplier services 
  • A.18.2.3 Protection of personal information in public clouds 

ISO 27002:2022 has three control types, #Preventive, #Corrective and #Detective. Some of these controls share more than one control types. There are total 12 Detective, 13 Corrective, and 83 Preventive controls and 15 controls (12+13+83 = 108 -15 = 93) which share more than one control type in ISO 27002:2022 latest guidance. If you like to know more about how and when to start complying with new and latest control guidance, please contact us to book an appointment to discuss the details, how DISC llc can assist your organization with ISO 27001 compliance or certification plans. 

for more details: iso-27001-assessment

To download and review the standard: COPYRIGHT PROTECTED DOCUMENT

ISO 27001 Controls Handbook: Implementing and auditing 93 controls to reduce information security risks

InfoSec services | InfoSec books | Follow our blog | DISC llc is listed on The vCISO Directory | ISO 27k Chat bot

Tags: ISO 27001 2022

Leave a Reply

You must be logged in to post a comment. Login now.