Information security standard improved

In February 2022, the new standard ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection - Information security controls. After a review of the previous version from 2017, it was found that adjustments to the standard were needed.

What is ISO/IEC 27002?

ISO/IEC 27002 provides suggestions and best practices for security related to the implementation and maintenance of information security management systems.

The standard was developed to help any type of organisation to prevent malpractice such as extortion, data theft or failure of online services.

Deepening of ISO/IEC 27001

The ISO/IEC 27002 standard is a deepening of ISO 27001, the standard for security techniques within information technology and which is a tool for performing risk analysis. ISO/IEC 27002 includes measures to mitigate or reduce information security risks.

Changes

The 2017 review of the standard found that, among other things, ISO/IEC 27002 served too much as a checklist. Therefore, some adjustments were made.

The main changes are the structure of the standard and the control measures:

• The new structure makes it easier to determine who becomes the owner of a control measure.
• The control measures have been divided into four sections: organisational, human, physical and technological measures.

‍

Want to buy the new standard?

The revised ISO/IEC 27002:2022 standard is available for purchase in the NBN's e-shop.

^{Buy the standard}