Information security, cybersecurity and privacy protection.

This document provides a reference set of generic information security controls, including an implementation guide.

It is designed to be used by organizations:

a) Within the context of an information security management system (ISMS) based on ISO/IEC 27001.

b) To implement information security controls based on internationally recognized best practices.

c) To develop their own organization-specific information security management guidelines.

General Information

  • Status: Published
  • Date of publication: 2022-02
  • Edition: 3
  • Number of pages: 152
  • Technical Committee: ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection.
  • ICS: 35.030 Computer Security.

Main changes

The new standard reduces the number of controls from 114 in the 2013 version to 93 in ISO/IEC 27002:2022. Some controls from the 2013 version have been grouped together, and 11 new controls are defined.

New Controls

A total of 11 new controls are defined, which correspond to:

  • Threat Intelligence.
  • Information security for the use of cloud services.
  • ICT readiness for business continuity.
  • Physical security monitoring.
  • Configuration management.
  • Deletion of information.
  • Data masking.
  • Data leak prevention.
  • Activity monitoring.
  • Web Filtering.
  • Secure coding.

Do you have questions or would you like more information?

At Itera we can provide you with services, solutions and consultancy for ISO/IEC 27001:2013 and 27002 standards, among others.

