What can we expect from the new revision of ISO / IEC 27001 and ISO / IEC 27002

The revision of ISO/IEC 27001 and ISO/IEC 27002 is currently underway (the current version was published in 2013). Organizations that take a systematic approach to information security management have certainly noticed this development.

ISO/IEC 27002 is again designed to provide a framework for information security management (similar to, for example, the NIST CSF).

The main change the new version brings is the merging of the controls into 4 groups:

1. Organizational controls
2. People controls
3. Physical controls
4. Technological controls

There are also several new areas that will require management attention and action (where applicable in the organization), such as:
- Threat intelligence (Control: Information relating to information security threats should be collected and analysed to produce threat intelligence.)
- Information security for use of cloud services (Control: The processes for acquiring, using, managing and exiting cloud services should be established in accordance with the organization's information security requirements.)
- ICT readiness for business continuity (Control: ICT readiness should be planned, implemented, maintained and tested based on business continuity objectives and ICT continuity requirements.)
- Physical security monitoring (Control: Premises should be continuously monitored for unauthorized physical access.)
- Configuration management (Control: Configurations, including security configurations, of hardware, software, services and networks should be established, documented, implemented, monitored and reviewed.)
- Information deletion (Control: Information stored in information systems and devices should be deleted when it is no longer required.)
- Data masking (Control: Data masking should be used in accordance with the organization's access control policy and business requirements, taking legislative requirements into account.)
- Data leakage prevention (Control: Data leakage prevention measures should be applied to systems, networks and end-user devices that process, store or transmit sensitive information.)
- Monitoring activities (Control: Networks, systems and applications should be monitored for anomalous behaviour, and appropriate actions taken to evaluate potential information security incidents.)
- Web filtering (Control: Access to external websites should be managed to reduce exposure to malicious content.)
- Secure Encryption (Control: Software development should be subject to secure encryption policies.)

The publication of the new standards is expected at the end of 2021 or at the beginning of 2022.

A transition period will follow. During this period, organizations that hold a certified information security management system will need to implement the new requirements.

Author: Martin Kašša, ISO/IEC 27001 auditor

(Source: ISO/IEC DIS 27002, Information security, cybersecurity and privacy protection)