![ISO 27002 mind map](http://www.maxi-pedia.com/system/files/images/ISO_27002_mind_map.preview.gif)
It's been six years since the last revision of ISO/IEC 27002 (in 2005) – much has changed in information security since then, and this standard definitely needs some "facelifting". Since ISO 27002 is closely tied to ISO 27001, this revision has to be done simultaneously for both standards, and is expected to happen in the latter half of 2012 or during 2013.

What these two standards have in common are the 133 controls – they are offered as a kind of catalogue in Annex A of ISO 27001, with the idea that appropriate controls are selected based on the risk assessment. ISO 27002 lists all of these 133 controls again, but offers a detailed explanation of best practices for their implementation. For a detailed explanation of the differences between ISO 27001 and ISO 27002, read ISO 27001 vs ISO 27002.

This relationship between the two standards is why ISO 27002 changed its name in 2007 – it was previously called ISO/IEC 17799, but its name was changed to ISO/IEC 27002, making it part of the ISO 27k series. This most important link between ISO 27001 and ISO 27002 – the identical structure of ISO 27001 Annex A and the ISO 27002 controls – will most likely still be included in the new revisions of both standards.
The typical lifespan of an ISO standard is five years. After this period, it is decided whether the standard can stay valid, needs revision or should be retracted. In 2018, it was decided that ISO 27002:2013 should be revised. The draft is currently under review (source) and is expected to be published in Q1 or Q2 of 2022.

As ISO 27002 is just a code of practice, it is not possible to certify against it. As Annex A of ISO 27001 is based on ISO 27002, it is expected that this standard will soon follow, after which it will be possible to certify against the new standard.

ISO 27002:2013 contains 114 controls, divided over 14 chapters. ISO 27002:2022 will contain 93 controls, divided over 4 chapters. Next to that, the controls will be (hash) tagged by control type (#preventive, #detective, #corrective), classification (#confidentiality, #integrity, #availability), NIST concept (#identify, #protect, #detect, #respond, #recover) and operational capabilities (#governance, #asset_management, #information_protection, #human_resource_security, #physical_security, #system_and_network_security, #application_security, #secure_configuration, #identity_and_access_management, #threat_and_vulnerability_management, #continuity, #supplier_relationships_security, #legal). As you may notice, the operational capabilities can be mapped to the current chapters almost seamlessly.