Information security standard improved

Last updated:
4/3/2025

In February 2022, the new standard ISO/IEC 27002:2022 (Information security, cybersecurity and privacy protection - Information security controls) was published. A review of the previous version, from 2017, had made it apparent that adjustments were needed.

What is ISO/IEC 27002?

ISO/IEC 27002 provides suggestions and best practices for security related to the implementation and maintenance of information security management systems.

The standard was developed to help any type of organisation to prevent malpractice such as extortion, data theft or failure of online services.

Deepening of ISO/IEC 27001

The ISO/IEC 27002 standard is a deepening of ISO 27001, the standard for security techniques within information technology, which serves as a tool for performing risk analysis. ISO/IEC 27002 adds the measures used to mitigate or reduce the information security risks identified in that analysis.

Changes

The 2017 review of the standard found that, among other things, ISO/IEC 27002 served too much as a checklist. Therefore, some adjustments were made.

The main changes are the structure of the standard and the control measures:

  • The new structure makes it easier to determine who becomes the owner of a control measure.
  • The control measures have been divided into four sections: organisational, human, physical and technological measures.

Want to buy the new standard?

The revised ISO/IEC 27002:2022 standard is available for purchase in the NBN's e-shop.
