Update: ISO/IEC 27002:2022

Information security, cybersecurity and privacy protection.

This document provides a reference set of generic information security controls, including implementation guidance.

It is designed to be used by organizations:

  a) Within the context of an information security management system (ISMS) based on ISO/IEC 27001.
  b) To implement information security controls based on internationally recognized best practices.
  c) To develop organization-specific information security management guidelines.

Overview

  • Status: Published
  • Publication date: 2022-02
  • Edition: 3
  • Number of pages: 152
  • Technical Committee: ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection.
  • ICS: 35.030 Computer security.

Main changes

The new standard reduces the number of controls from the 114 in the 2013 version to 93 in ISO/IEC 27002:2022. Some controls from the 2013 version have been merged, and 11 new controls are defined.

New controls

The 11 new controls are:

  • Threat intelligence.
  • Information security for the use of cloud services.
  • ICT readiness for business continuity.
  • Physical security monitoring.
  • Configuration management.
  • Deletion of information.
  • Data masking.
  • Data leak prevention.
  • Activity monitoring.
  • Web filtering.
  • Secure coding.

Do you have questions or would you like to learn more?

At Itera we can provide you with services, solutions and consulting for ISO/IEC 27001:2013 and 27002 standards, among others.

Contact a specialist:

seguridad@iteraprocess.com

delfino.vazquez@iteraproces.com

Source:

https://www.iso.org/standard/75652.html