In February 2022, the new standard ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection - Information security controls was published. After a review of the previous version from 2017, it was found that adjustments to the standard were needed.
ISO/IEC 27002 provides security recommendations and best practices for implementing and maintaining information security management systems.
The standard was developed to help organisations of any type prevent malpractice such as extortion, data theft or failure of online services.
The ISO/IEC 27002 standard elaborates on ISO 27001, the standard for security techniques within information technology, which is a tool for performing risk analysis. ISO/IEC 27002 includes measures to mitigate or reduce information security risks.
The 2017 review of the standard found that, among other things, ISO/IEC 27002 was being used too much as a checklist. Therefore, some adjustments were made.
The main changes are the structure of the standard and the control measures:
The revised ISO/IEC 27002:2022 standard is available for purchase in the NBN's e-shop.