Agenda
• ISO/IEC 27001 & ISO/IEC 27002, catching up with history
• Quick recap on ISO/IEC 27002:2022
• From ISO/IEC 27002 to the ISO/IEC 27001 updates
• Some considerations & consequences of the update
• Hints & tips
• What's up next with ISO/IEC 27001, in practice?
• Q & A
Introduction
Peter Geelen (CyberMinute)
My experience
• 20+ years experience in security
• Enterprise Security & IAM
• Cybersecurity
• Data Protection & Privacy
• Incident management, Disaster Recovery
• Trainer, coach, auditor
Certification
• ISO27001 Master & Lead ISO27002
• ISO27701 Master
• Certified DPO & Fellow In Privacy
• Lead Incident Mgr & Disaster Recovery
• ISO27032 Sr. Lead Cybersecurity Mgr
• Lead ISO27005 (Risk Mgmt)
Accreditation
• Accredited Lead auditor ISMS/PIMS/QMS/BCMS
• Accredited Security Trainer
http://www.cyberminute.com
https://ffwd2.me/pgeelen
More info (LinkedIn):
peter@cyberminute.com
Stefan Mathuvis (QMA)
My experience
• 20 years experience in security
• Quality Management & Auditing
• DPO as a Service
• Cybersecurity
• Security, Data Protection & Privacy
• Trainer, coach, auditor
Certification
• ISO27001 Lead Auditor
• ISO9001 Lead Auditor
• Lead auditor TISAX
• Lead auditor GQS
• CDPO
• PECB trainer
Accreditation
• Accredited ISO27001 Lead Auditor
• Accredited ISO9001 Lead Auditor
http://www.qma.be
https://ffwd2.me/stefan
More info (LinkedIn):
Stefan@qma.be
ISO/IEC 27001 & ISO/IEC 27002
Catching up
The standard
• Certifiable international standard for information security best practices
• Main version 2013, with updates 2014, 2015 & 2017 (https://www.iso.org/standard/82875.html)
Consists of
• Management Clauses
• Normative controls Annex
ISO/IEC 27001
Management Clauses
• Based on Harmonized Structure (HS) / High Level Structure (HLS)
• Core principles of ISO 9001:2015
• PDCA Cycle
ISO/IEC 27001
Management Clauses
• Principle of continual improvement
• PDCA Cycle
ISO/IEC 27001
[Figure: repeated Plan-Do-Check-Act cycles plotted against time, with security improvement increasing after each cycle]
Annex A (normative)
• "Normative" = part of the requirements (relevant for the certification track)
• From ISO/IEC 27001:2022 (compare 2013):
"The information security controls listed in Table A.1 are directly derived from and aligned with those listed in ISO/IEC 27002:2022[1], Clauses 5 to 8 and shall be used in context with 6.1.3."
ISO/IEC 27001
Annex A (normative) > link to Clause 6.1.3
ISO/IEC 27001
Annex A (normative)
• Annex A = security measures (controls)
• Security = PPT: People, Process & Technology
• In fact: (P)PPT = Physical, People, Process & Technology
• Based on, and extracted from, ISO/IEC 27002
• So ISO first updated ISO/IEC 27002 from 2013 to 2022…
ISO/IEC 27001
ISO/IEC 27002:2022 quick recap
Quick recap
More info
• PECB Webinar: ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know:
https://pecb.com/past-webinars/isoiec-27001--isoiec-270022022-what-you-need-to-know
• PECB Magazine: How Does the New Revision of ISO/IEC 27002 Affect ISO/IEC 27001:
https://insights.pecb.com/how-does-the-new-revision-of-iso-iec-27002-affect-iso-iec-27001/
ISO/IEC 27002:2022
Most important changes
• Main structure change
• From: operational security, functional organization (i.e. 14 control groups, A.5 to A.18)
• To: PPPT (3PT), 4 control groups
• Process & Policies (organizational) (A.5)
• People (A.6)
• Physical (A.7)
• Technological (A.8)
ISO/IEC 27002:2022
Important to know
• From 114 (v2013) to 93 (v2022) controls
• But no controls removed
• Consolidation & updates of controls
• ISO/IEC 27002:2022 Annex B
• Table B.1 mapping 2022>2013
• Table B.2 mapping 2013>2022
• 11 new controls
ISO/IEC 27002:2022
New controls
• A.5.7: Threat intelligence (cyber/cloud/DP)
• A.5.23: Information security for cloud services (cloud)
• A.5.30: ICT readiness for business continuity (A.17)
• A.7.4: Physical security monitoring (physical)
• A.8.9: Configuration management (alignment with ISO 20000)
• A.8.10: Information deletion (data protection)
• A.8.11: Data masking (DP)
• A.8.12: Data leakage prevention (DP/cyber)
• A.8.16: Monitoring activities (general)
• A.8.23: Web filtering (cyber)
• A.8.28: Secure coding (cyber & application security)
ISO/IEC 27002:2022
Did you notice…
• the change of language (more active language)
• the change in focus of audience (from "employee" to "staff")
• the broader approach & interpretation
• not only information security, but also more focus on
• cyber & cloud security
• data protection
• physical security
ISO/IEC 27002:2022
ISO/IEC 27001:2022
From ISO/IEC 27002 to ISO/IEC 27001
Walkthrough of the changes
• Name change
• Document structure changes
• Key changes in main clause
• Language & content changes
ISO/IEC 27001:2022
It starts with the front page: name change
ISO/IEC 27001:2022
Table of contents alignment (display level 3)
ISO/IEC 27001:2022
ISO/IEC 27001 Content updates
Foreword
• Alignment with the ISO directives
• Cancels and replaces the previous version (2nd edition) including all technical corrigenda:
• 2014
• 2015
• 2017 (wrap-up of previous corrigenda)
• Alignment with the harmonized structure
Ref: 2021-05_Annex SL_Appendix_2_rev1.pdf
ISO/IEC 27001:2022
Scope
"Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document."
ISO/IEC 27001:2022
Terms and definitions
• 2013:
• Only a reference to ISO/IEC 27000
• For your information: free download of ISO/IEC 27000 (v2018):
https://standards.iso.org/ittf/PubliclyAvailableStandards/
• 2022: addition
• ISO and IEC maintain terminology databases for use in standardization at the following addresses:
• ISO Online browsing platform: available at https://www.iso.org/obp
• IEC Electropedia: available at https://www.electropedia.org
ISO/IEC 27001:2022
Context of the organization
• Updated reference to ISO 31000:2018
• 4.2 Interested parties (new item):
• c) which of these requirements will be addressed through the information security management system.
• 4.4 ISMS: increased focus on processes
• The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.
ISO/IEC 27001:2022 clause 4
Planning (Risk management)
• 6.2 Information security objectives
• 2 new sub-items:
• d) be monitored;
• g) be available as documented information.
• (NEW) 6.3: Planning of changes
• When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.
ISO/IEC 27001:2022 clause 6 (Planning)
Communication
• 7.4 Communication
• Simplification of the clause
• d) how to communicate.
• e) removed
ISO/IEC 27001:2022 clause 7 (Support)
Operation
8.1 Operational planning and control
• 2013: The organization shall ensure that outsourced processes are determined and controlled
• 2022: The organization shall ensure that externally provided processes, products or services that are relevant to the information security management system are controlled
ISO/IEC 27001:2022 clause 8 (Operation)
Performance evaluation
9.1 Monitoring, measurement, analysis and evaluation
• 2013:
• The organization shall retain appropriate documented information as evidence of the monitoring and measurement results.
• 2022:
• Documented information shall be available as evidence of the results.
• The organization shall evaluate the information security performance and the effectiveness of the information security management system.
ISO/IEC 27001:2022 clause 9 (Performance evaluation)
9.2 (internal audit) & 9.3 (Management review)
• New structure
9.2 Internal audit
• 2013: single chapter
• 2022:
• 9.2
• 9.2.1: General
• 9.2.2: Internal Audit programme
ISO/IEC 27001:2022 clause 9 (Performance evaluation)
9.2 (internal audit) & 9.3 (Management review)
• New structure
9.3 Management review
• 2013: single chapter
• 2022:
• 9.3
• 9.3.1: General
• 9.3.2: Management review input
• 9.3.3: Management review results
ISO/IEC 27001:2022 clause 9 (Performance evaluation)
10.1 (Continual improvement) & 10.2 (Nonconformity & corrective action)
• New structure (position switch) to comply with the HS: in 2013, 10.1 was Nonconformity and corrective action and 10.2 Continual improvement; the 2022 edition swaps the two sub-clauses to follow the harmonized structure.
ISO/IEC 27001:2022 clause 10 (Improvement)
ISO/IEC 27001:2022
Some considerations
Some considerations & consequences of the update
• More operational language (less passive)
• More focus on effective results & evidence
• Trying to minimize the "compliance checklist" approach…
ISO/IEC 27001:2022
Some considerations & consequences of the update
• New structure of Annex A / ISO/IEC 27002:2022
• From 14 control groups and 114 controls (2013)
• Logical / functional organization that matches most business organizations
• To 4 control groups and 93 controls (2022)
• Large groups
• Disconnect from the functional organization
Solution: ISO/IEC 27002:2022, Annex A (informative)
• Using attributes (to group the new controls the old way)
• Tagging (Table A.1)
ISO/IEC 27001:2022
Using attributes (suggestions from the standard)
• Control types
• #Preventive, #Detective, #Corrective
• Information security properties
• #Confidentiality, #Integrity, #Availability
• Cybersecurity concepts (NIST CSF functions)
• #Identify, #Protect, #Detect, #Respond, #Recover
ISO/IEC 27001:2022 Attributes (p1/3)
Using attributes (suggestions from the standard)
• Operational capabilities (closest to the ISO27001:2013 control groups)
• #Governance,
• #Asset_management,
• #Information_protection,
• #Human_resource_security,
• #Physical_security,
• #System_and_network_security,
• #Application_security,
• #Secure_configuration,
• #Identity_and_access_management,
• #Threat_and_vulnerability_management,
• #Continuity,
• #Supplier_relationships_security,
• #Legal_and_compliance,
• #Information_security_event_management,
• #Information_security_assurance
ISO/IEC 27001:2022 Attributes (p2/3)
Using attributes (suggestions from the standard)
• Security domains
• #Governance_and_Ecosystem,
• #Protection,
• #Defence,
• #Resilience
ISO/IEC 27001:2022 Attributes (p3/3)
Using attributes (XLS)
ISO/IEC 27001:2022 Attributes
ISO/IEC 27001:2022
Hints & tips
Hints & tips
• Most of the new control items should be in place already
• Cloud
• Cyber
• Data protection (GDPR driver)
• (Physical)
• Remap your existing SoA (Statement of Applicability) using the mapping tables
• Control mapping tables in ISO/IEC 27002:2022 Annex B (Table B.1: 2022 to 2013, Table B.2: 2013 to 2022)
ISO/IEC 27001:2022
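As an added illustration of the two tips above (remap the existing SoA using the ISO/IEC 27002 mapping tables, and regroup the 2022 controls with attributes), not part of the webinar deck: a Python script that merges 2013 SoA entries into their 2022 controls, flags the 11 new controls and any entry the mapping table does not cover, and groups the result by attribute tag. The mapping rows, attribute tags and SoA entries are a constructed excerpt, not a copy of the standard's Annex A/B tables, so every row must be checked against the standard before use.

```python
"""Remap a 2013-style Statement of Applicability (SoA) to ISO/IEC 27002:2022 and
tag the result with Annex A style attributes so controls can be regrouped "the
old way". Mapping rows, attribute tags and SoA entries below are a constructed
excerpt for this example; verify each row against ISO/IEC 27002:2022 Annex A/B."""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass
class SoaEntry:
    control: str
    title: str
    applicable: bool
    status: str                      # implemented / partial / planned / not implemented
    justification: str = ""
    sources: List[str] = field(default_factory=list)     # 2013 ids merged into this control
    attributes: List[str] = field(default_factory=list)  # Annex A hashtags


# Constructed excerpt in the style of Table B.2 (2013 -> 2022).
# Several 2013 controls can collapse into one 2022 control (consolidation).
MAPPING_2013_TO_2022 = {
    "A.5.1.1": "5.1", "A.5.1.2": "5.1",                          # policies + their review -> 5.1
    "A.12.4.1": "8.15", "A.12.4.2": "8.15", "A.12.4.3": "8.15",  # three logging controls -> 8.15
    "A.9.4.1": "8.3",
}
TITLES_2022 = {"5.1": "Policies for information security", "8.15": "Logging",
               "8.3": "Information access restriction"}
# The 11 controls the deck lists as new in 2022: they have no 2013 predecessor.
NEW_CONTROLS_2022 = {
    "5.7": "Threat intelligence", "5.23": "Information security for cloud services",
    "5.30": "ICT readiness for business continuity", "7.4": "Physical security monitoring",
    "8.9": "Configuration management", "8.10": "Information deletion", "8.11": "Data masking",
    "8.12": "Data leakage prevention", "8.16": "Monitoring activities", "8.23": "Web filtering",
    "8.28": "Secure coding",
}
# Illustrative attribute tags (control type, CIA, NIST CSF function, operational
# capability, security domain); constructed, not copied from Table A.1.
ATTRIBUTES_2022 = {
    "5.1": ["#Preventive", "#Confidentiality", "#Integrity", "#Availability", "#Identify",
            "#Governance", "#Governance_and_Ecosystem"],
    "8.15": ["#Detective", "#Confidentiality", "#Integrity", "#Availability", "#Detect",
             "#Information_security_event_management", "#Protection", "#Defence"],
    "8.3": ["#Preventive", "#Confidentiality", "#Integrity", "#Availability", "#Protect",
            "#Identity_and_access_management", "#Protection"],
    "5.7": ["#Preventive", "#Detective", "#Corrective", "#Identify", "#Detect", "#Respond",
            "#Threat_and_vulnerability_management", "#Defence", "#Resilience"],
}
STATUS_RANK = {"implemented": 3, "partial": 2, "planned": 1, "not implemented": 0}


def remap_soa(soa_2013: List[SoaEntry]) -> Tuple[Dict[str, SoaEntry], List[str]]:
    """Return (2022 SoA keyed by control id, 2013 ids with no mapping row).
    Rule used here: a consolidated control is applicable if any absorbed control
    was, and its status is the weakest status among the applicable absorbed ones."""
    merged: Dict[str, SoaEntry] = {}
    unmapped: List[str] = []
    for old in soa_2013:
        new_id = MAPPING_2013_TO_2022.get(old.control)
        if new_id is None:                 # incomplete table: report it, never drop silently
            unmapped.append(old.control)
            continue
        entry = merged.setdefault(new_id, SoaEntry(
            new_id, TITLES_2022.get(new_id, "?"), False, "not applicable",
            attributes=list(ATTRIBUTES_2022.get(new_id, []))))
        entry.sources.append(old.control)
        if old.applicable:
            if not entry.applicable or STATUS_RANK[old.status] < STATUS_RANK[entry.status]:
                entry.status = old.status
            entry.applicable = True
        elif old.justification and not entry.justification:
            entry.justification = old.justification
    for new_id, title in NEW_CONTROLS_2022.items():   # new controls: still to be assessed
        merged.setdefault(new_id, SoaEntry(
            new_id, title, True, "to assess",
            "New in 2022: confirm applicability through risk treatment (clause 6.1.3)",
            attributes=list(ATTRIBUTES_2022.get(new_id, []))))
    return merged, unmapped


def group_by_attribute(soa_2022: Dict[str, SoaEntry]) -> Dict[str, List[str]]:
    """Regroup the 2022 controls by attribute tag, e.g. all #Detective controls."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for entry in soa_2022.values():
        for tag in entry.attributes:
            groups[tag].append(entry.control)
    return {tag: sorted(ids) for tag, ids in groups.items()}


# Constructed 2013 SoA excerpt; A.11.1.1 is deliberately absent from the mapping
# excerpt above, so the script must report it instead of losing it.
SAMPLE_SOA_2013 = [
    SoaEntry("A.5.1.1", "Policies for information security", True, "implemented"),
    SoaEntry("A.5.1.2", "Review of the policies for information security", True, "partial"),
    SoaEntry("A.12.4.1", "Event logging", True, "implemented"),
    SoaEntry("A.12.4.2", "Protection of log information", True, "implemented"),
    SoaEntry("A.12.4.3", "Administrator and operator logs", True, "planned"),
    SoaEntry("A.9.4.1", "Information access restriction", True, "implemented"),
    SoaEntry("A.11.1.1", "Physical security perimeter", False, "not implemented",
             "Cloud-only company, no premises of its own"),
]

if __name__ == "__main__":
    soa, missing = remap_soa(SAMPLE_SOA_2013)
    for c in sorted(soa.values(), key=lambda e: [int(p) for p in e.control.split(".")]):
        print(f"{c.control:<5} {c.title:<45} {c.status:<15} <- {', '.join(c.sources) or 'new'}")
    print("no mapping row:", missing)
    print("#Detective controls:", group_by_attribute(soa)["#Detective"])
```

The weakest-status rule makes a consolidated control inherit the least mature of its 2013 parts, so a merged control is never reported as more implemented than the evidence supports.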
Hints & tips
• Physical security monitoring (A.7.4) vs. cloud-only companies: how applicable is it?
• Risk management: justify applicability through the risk assessment
ISO/IEC 27001:2022
ISO/IEC 27001:2022
What's up next?
What's up next?
• Updates on audit procedures
• Certification bodies
• Updates on related standards
• ISO 27006 (Audit)
• ISO 27032 (Cyber)
• ISO 27701 (PIMS)
• ISO 27035 (Incident management)
• …
ISO/IEC 27001:2022
References
Interesting information sources
Reference material
PECB Webinars
• PECB Webinar: ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know:
• https://pecb.com/past-webinars/isoiec-27001--isoiec-270022022-what-you-need-to-know
• PECB Magazine: How Does the New Revision of ISO/IEC 27002 Affect ISO/IEC 27001:
• https://insights.pecb.com/how-does-the-new-revision-of-iso-iec-27002-affect-iso-iec-27001/
Reference material
PECB Webinars
• General link: https://pecb.com/en/webinars
• https://pecb.com/past-webinars
• Search for
• ISO/IEC 27001
• ISO/IEC 27002
Reference material
PECB Webinars - ISO27005
• 16th November 2022 - What's new in ISO27005:2022
• General link: https://pecb.com/en/webinars
• https://pecb.com/past-webinars
• Search for
• 27001
• 27002
• 27005
Reference material
Other references, see LinkedIn page:
https://www.linkedin.com/pulse/pecb-event-collaterals-isoiec-270012022-what-changes-peter-geelen/
Ramping up…
Relevant PECB Training courses
Relevant Training
Information Security
• PECB ISO/IEC 27001 LI (updated)
• PECB ISO/IEC 27001 LA
• PECB ISO/IEC 27002 LM (v2022)
Cybersecurity
• PECB ISO/IEC 27032 LI
• PECB Lead Cloud Security Manager
Other Relevant Training
Incident Management
• PECB ISO/IEC 27035 LI
Risk Management
• PECB ISO/IEC 27005 LI
Appendix
Relevant Training
PECB ISO/IEC 27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-implementer
Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor
Relevant Training
PECB ISO/IEC 27002
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
Lead Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002/iso-iec-27002-lead-manager
Relevant Training
PECB ISO/IEC 27005 - Risk Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
Lead Risk Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-27005-lead-risk-manager
Relevant Training
PECB ISO/IEC 27035 - Incident Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
Lead Incident Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035/iso-iec-27035-lead-incident-manager
Relevant Training
PECB GDPR
https://pecb.com/en/education-and-certification-for-individuals/gdpr
CDPO
https://pecb.com/en/education-and-certification-for-individuals/gdpr/certified-data-protection-officer
Relevant Training
PECB ISO/IEC 29100
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer/iso-29100-lead-privacy-implementer
THANK YOU
Q&A
info@cyberminute.com CyberMinute
Stefan Mathuvis
stefan@qma.be

Information Session University Egybyte.pptxPECB
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxPECB
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023PECB
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemPECB
 
ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?PECB
 
ISO/IEC 27032 vs. ISO 31000 – How do they help towards Cybersecurity Risk Man...
ISO/IEC 27032 vs. ISO 31000 – How do they help towards Cybersecurity Risk Man...ISO/IEC 27032 vs. ISO 31000 – How do they help towards Cybersecurity Risk Man...
ISO/IEC 27032 vs. ISO 31000 – How do they help towards Cybersecurity Risk Man...PECB
 

More from PECB (20)

DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of CybersecurityDORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
DORA, ISO/IEC 27005, and the Rise of AI: Securing the Future of Cybersecurity
 
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI GovernanceSecuring the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
Securing the Future: ISO/IEC 27001, ISO/IEC 42001, and AI Governance
 
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
ISO/IEC 27001 and ISO/IEC 27035: Building a Resilient Cybersecurity Strategy ...
 
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks EffectivelyISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
ISO/IEC 27001 and ISO/IEC 27005: Managing AI Risks Effectively
 
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital TransformationISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
ISO/IEC 27001 and ISO/IEC 27032:2023 - Safeguarding Your Digital Transformation
 
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulationsManaging ISO 31000 Framework in AI Systems - The EU ACT and other regulations
Managing ISO 31000 Framework in AI Systems - The EU ACT and other regulations
 
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
Impact of Generative AI in Cybersecurity - How can ISO/IEC 27032 help?
 
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
GDPR and Data Protection: Ensure compliance and minimize the risk of penaltie...
 
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
How Can ISO/IEC 27001 Help Organizations Align With the EU Cybersecurity Regu...
 
Student Information Session University KTMC
Student Information Session University KTMC Student Information Session University KTMC
Student Information Session University KTMC
 
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
ISO/IEC 27001 and ISO 22301 - How to ensure business survival against cyber a...
 
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
Integrating ISO/IEC 27001 and ISO 31000 for Effective Information Security an...
 
Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA Student Information Session University CREST ADVISORY AFRICA
Student Information Session University CREST ADVISORY AFRICA
 
IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?IT Governance and Information Security – How do they map?
IT Governance and Information Security – How do they map?
 
Information Session University Egybyte.pptx
Information Session University Egybyte.pptxInformation Session University Egybyte.pptx
Information Session University Egybyte.pptx
 
Student Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptxStudent Information Session University Digital Encode.pptx
Student Information Session University Digital Encode.pptx
 
Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023Cybersecurity trends - What to expect in 2023
Cybersecurity trends - What to expect in 2023
 
ISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management systemISO 28000:2022 – Reduce risks and improve the security management system
ISO 28000:2022 – Reduce risks and improve the security management system
 
ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?ISO/IEC 27005:2022 – What are the changes?
ISO/IEC 27005:2022 – What are the changes?
 
ISO/IEC 27032 vs. ISO 31000 – How do they help towards Cybersecurity Risk Man...
ISO/IEC 27032 vs. ISO 31000 – How do they help towards Cybersecurity Risk Man...ISO/IEC 27032 vs. ISO 31000 – How do they help towards Cybersecurity Risk Man...
ISO/IEC 27032 vs. ISO 31000 – How do they help towards Cybersecurity Risk Man...
 

Recently uploaded

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesZilliz
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 

Recently uploaded (20)

Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
Vector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector DatabasesVector Databases 101 - An introduction to the world of Vector Databases
Vector Databases 101 - An introduction to the world of Vector Databases
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

ISO/IEC 27001:2022 – What are the changes?

2. Agenda
• ISO/IEC 27001 & ISO/IEC 27002, catching up with history
• Quick recap on the ISO/IEC 27002:2022
• From ISO/IEC 27002 to the ISO/IEC 27001 updates
• Some considerations & consequences of the update
• Hints & tips
• What's up next with ISO/IEC 27001, in practice?
• Q & A

4. Peter Geelen (CyberMinute)
My experience
• 20+ years experience in security
• Enterprise Security & IAM
• Cybersecurity
• Data Protection & Privacy
• Incident management, Disaster Recovery
• Trainer, coach, auditor
Certification
• ISO27001 Master & Lead ISO27002
• ISO27701 Master
• Certified DPO & Fellow In Privacy
• Lead Incident Mgr & Disaster Recovery
• ISO27032 Sr. Lead Cybersecurity Mgr
• Lead ISO27005 (Risk Mgmt)
Accreditation
• Accredited Lead auditor ISMS/PIMS/QMS/BCMS
• Accredited Security Trainer
More info (LinkedIn): http://www.cyberminute.com, https://ffwd2.me/pgeelen, peter@cyberminute.com

5. Stefan Mathuvis (QMA)
My experience
• 20 years experience in security
• Quality Management & Auditing
• DPO as a Service
• Cybersecurity
• Security, Data Protection & Privacy
• Trainer, coach, auditor
Certification
• ISO27001 Lead Auditor
• ISO9001 Lead Auditor
• Lead auditor Tisax
• Lead auditor GQS
• CDPO
• PECB trainer
Accreditation
• Accredited ISO27001 lead auditor
• Accredited 9001 Lead auditor
More info (LinkedIn): http://www.qma.be, https://ffwd2.me/stefan, Stefan@qma.be

6. ISO/IEC 27001 & ISO/IEC 27002 – Catching up

7. The standard (ISO/IEC 27001)
• Certifiable international standard for information security best practices
• Main version 2013, with updates 2014, 2015 & 2017 (https://www.iso.org/standard/82875.html)
Consists of
• Management Clauses
• Normative controls Annex

8. Management Clauses (ISO/IEC 27001)
• Based on Harmonized Structure (HS) / High Level Structure (HLS)
• Core principles of ISO 9001:2015
• PDCA Cycle

9. Management Clauses (ISO/IEC 27001)
• Principle of continual improvement
• PDCA Cycle

10. Management Clauses (ISO/IEC 27001)
• Principle of continual improvement
• PDCA Cycle
[Figure: repeated Plan-Do-Check-Act cycles plotted as Security Improvement against Time]

11. Annex A (normative) (ISO/IEC 27001)
• "Normative" = part of requirements (ref. certification track)
• From the ISO/IEC 27001:2022 (ref. 2013): "The information security controls listed in Table A.1 are directly derived from and aligned with those listed in ISO/IEC 27002:2022[1], Clauses 5 to 8 and shall be used in context with 6.1.3."

12. Annex A (normative) > link to Clause 6.1.3 (ISO/IEC 27001)

13. Annex A (normative) (ISO/IEC 27001)
• "Normative" = part of requirements (ref. certification track)
• From the ISO/IEC 27001:2022 (ref. 2013): "The information security controls listed in Table A.1 are directly derived from and aligned with those listed in ISO/IEC 27002:2022[1], Clauses 5 to 8 and shall be used in context with 6.1.3."

14. Annex A (normative) (ISO/IEC 27001)
• Annex = Security measures
• Security = PPT: People, Process & Technology
• In fact: (P)PPT -> Physical, People, Process & Technology
• Based on, extract from ISO/IEC 27002
• So, ISO first updated 27002:2013 to 2022…

15. ISO/IEC 27002:2022 quick recap

16. More info (ISO/IEC 27002:2022)
• PECB Webinar: ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know: https://pecb.com/past-webinars/isoiec-27001--isoiec-270022022-what-you-need-to-know
• PECB Magazine: How Does the New Revision of ISO/IEC 27002 Affect ISO/IEC 27001: https://insights.pecb.com/how-does-the-new-revision-of-iso-iec-27002-affect-iso-iec-27001/

17. Most important changes (*) (ISO/IEC 27002:2022)
• Main structure change
• From: operational security, functional organization (meaning A.5 > A.18)
• To: PPPT (3PT)
  • Process & Policies (organizational) (A.5)
  • People (A.6)
  • Physical (A.7)
  • Technological (A.8)

18. Important to know (ISO/IEC 27002:2022)
• From 114 (v2013) to 93 (v2022) controls
• But no controls removed
• Consolidation & updates of controls
• ISO/IEC 27002:2022 Annex B
  • Table B.1 mapping 2022>2013
  • Table B.2 mapping 2013>2022
• 11 new controls

19. New controls (ISO/IEC 27002:2022)
• A.5.7: Threat intelligence (cyber/cloud/DP)
• A.5.23: Information security for cloud services (cloud)
• A.5.30: ICT readiness for business continuity (A.17)
• A.7.4: Physical security monitoring (physical)
• A.8.9: Configuration management (alignment ISO 20000)
• A.8.10: Information deletion (Data protection)
• A.8.11: Data masking (DP)
• A.8.12: Data leakage prevention (DP/Cyber)
• A.8.16: Monitoring activities (general)
• A.8.23: Web filtering (cyber)
• A.8.28: Secure coding (Cyber & Application security)

20. Did you notice… (ISO/IEC 27002:2022)
• the change of language (more active language)
• the change in focus of audience (employee > staff)
• the broader approach & interpretation
• Not only information security but also more focus on
  • Cyber & cloud security
  • Data protection
  • Physical security

21. ISO/IEC 27001:2022 – From ISO/IEC 27002 to ISO/IEC 27001

22. Walkthrough of the changes (ISO/IEC 27001:2022)
• Name change
• Document structure changes
• Key changes in main clause
• Language & content changes

23. It starts with the front page: name change (ISO/IEC 27001:2022)

24. It starts with the front page: name change (ISO/IEC 27001:2022)

25. Table of contents alignment (display level 3) (ISO/IEC 27001:2022)

27. Foreword (ISO/IEC 27001:2022)
• Alignment with ISO directive
• Cancels and replaces previous version (2nd edition) including all Technical corrigenda
  • 2014
  • 2015
  • 2017 (wrap up of previous corrigenda)
• Alignment with harmonized structure. Ref: 2021-05_Annex SL_Appendix_2_rev1.pdf

28. Scope (ISO/IEC 27001:2022)
"Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document."

29. Terms and definitions (ISO/IEC 27001:2022)
• 2013:
  • Only reference to ISO27000
  • For your information: free download of ISO27000 (v2018): https://standards.iso.org/ittf/PubliclyAvailableStandards/
• 2022: addition
  • ISO and IEC maintain terminology databases for use in standardization at the following addresses:
  • ISO Online browsing platform: available at https://www.iso.org/obp
  • IEC Electropedia: available at https://www.electropedia.org

30. Context of organisation (ISO/IEC 27001:2022 clause 4)
• Updated reference to ISO31000:2018
• 4.2 Interested parties (new)
  • c) which of these requirements will be addressed through the information security management system.
• 4.4 ISMS – increased focus on processes
  • The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.

31. Planning (Risk management) (ISO/IEC 27001:2022 clause 6, Planning)
• 6.2 Information security objectives
  • 2 new sub items
  • d) be monitored;
  • g) be available as documented information.
• (NEW) 6.3: Planning of changes
  • When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.

32. Communication (ISO/IEC 27001:2022 clause 7, Support)
• 7.4 Communication
  • Simplification of module
  • d) how to communicate.
  • e) removed

33. Operation – 8.1 Operational planning and control (ISO/IEC 27001:2022 clause 8, Operation)

34. Operation – 8.1 Operational planning and control (ISO/IEC 27001:2022 clause 8, Operation)
• 2013: The organisation shall ensure that outsourced processes are determined and controlled.
• 2022: The organization shall ensure that externally provided processes, products or services that are relevant to the information security management system are controlled.

35. Operation – 9.1 Monitoring, measurement, analysis and evaluation (ISO/IEC 27001:2022 clause 9, Performance evaluation)
• 2013:
  • The organization shall retain appropriate documented information as evidence of the monitoring and measurement results.
• 2022:
  • Documented information shall be available as evidence of the results.
  • The organization shall evaluate the information security performance and the effectiveness of the information security management system.

36. 9.2 (internal audit) & 9.3 (Management review) (ISO/IEC 27001:2022 clause 9, Performance evaluation)
• New structure 9.2 Internal audit
  • 2013: single chapter
  • 2022:
    • 9.2.1: General
    • 9.2.2: Internal Audit programme

37. 9.2 (internal audit) & 9.3 (Management review) (ISO/IEC 27001:2022 clause 9, Performance evaluation)
• New structure 9.3 Management review
  • 2013: single chapter
  • 2022:
    • 9.3.1: General
    • 9.3.2: Management review input
    • 9.3.3: Management review results

38. 10.1 (Continual Improvement) & 10.2 (Non-conformity & corrective action) (ISO/IEC 27001:2022 clause 10, Improvement)
• New structure (position switch) to comply with HS

40. Some considerations & consequences of the update (ISO/IEC 27001:2022)
• More operational language (less passive)
• More focus on effective results & evidence
• Trying to minimize the "Compliance check list" approach…

41. Some considerations & consequences of the update (ISO/IEC 27001:2022)
• New structure of Annex / ISO/IEC 27002:2022
• From 14 control groups and 114 controls (2013)
  • Logical / functional organisation matches most business organisation
• To 5 control groups and 93 controls (2022)
  • Large groups
  • Disconnect from functional organisation
• Solution: ISO/IEC 27002:2022 – Annex A (informative)
  • Using attributes (to group the new controls the old way)
  • Tagging (Table A.1)

42. Using attributes (suggestions from the standard) (ISO/IEC 27001:2022 Attributes, p1/3)
• Control types
  • #Preventive, #Detective, #Corrective
• Information security properties
  • #Confidentiality, #Integrity, #Availability
• Cybersecurity concepts (NIST)
  • #Identify, #Protect, #Detect, #Respond, #Recover

43. Using attributes (suggestions from the standard) (ISO/IEC 27001:2022 Attributes, p2/3)
• Operational capabilities (ISO27001:2013)
  • #Governance
  • #Asset_management
  • #Information_protection
  • #Human_resource_security
  • #Physical_security
  • #System_and_network_security
  • #Application_security
  • #Secure_configuration
  • #Identity_and_access_management
  • #Threat_and_vulnerability_management
  • #Continuity
  • #Supplier_relationships_security
  • #Legal_and_compliance
  • #Information_security_event_management
  • #Information_security_assurance

44. Using attributes (suggestions from the standard) (ISO/IEC 27001:2022 Attributes, p3/3)
• Security domains
  • #Governance_and_Ecosystem
  • #Protection
  • #Defence
  • #Resilience
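Slides 42 to 44 list the five attribute vocabularies that ISO/IEC 27002:2022 Annex A suggests for tagging controls, and slide 41 explains that tagging is what lets you regroup the 93 controls "the old way". The script below is an added illustration, not material from the webinar or from the standard: it validates an attribute sheet against those five vocabularies (catching typos and US/UK spelling drift with a nearest-match suggestion) and regroups the tagged controls by operational capability. The control IDs and names are the new controls from slide 19; the tag values attached to them are constructed sample data and must be checked against the standard's own Table A.1 before reuse.

```python
"""Validate and regroup ISO/IEC 27002:2022 controls by their Annex A attributes.

Added example (not from the PECB deck). The vocabularies are the ones the
slides list; the sample rows are constructed and their tags illustrative.
"""
from collections import defaultdict
from difflib import get_close_matches

# The five attribute vocabularies suggested by ISO/IEC 27002:2022 Annex A
# (slides 42 to 44). Insertion order is the order in which problems are reported.
ATTRIBUTE_VOCABULARIES = {
    "control_type": {"#Preventive", "#Detective", "#Corrective"},
    "security_property": {"#Confidentiality", "#Integrity", "#Availability"},
    "cybersecurity_concept": {"#Identify", "#Protect", "#Detect", "#Respond", "#Recover"},
    "operational_capability": {
        "#Governance", "#Asset_management", "#Information_protection",
        "#Human_resource_security", "#Physical_security",
        "#System_and_network_security", "#Application_security",
        "#Secure_configuration", "#Identity_and_access_management",
        "#Threat_and_vulnerability_management", "#Continuity",
        "#Supplier_relationships_security", "#Legal_and_compliance",
        "#Information_security_event_management",
        "#Information_security_assurance",
    },
    "security_domain": {"#Governance_and_Ecosystem", "#Protection", "#Defence", "#Resilience"},
}

CIA = ["#Confidentiality", "#Integrity", "#Availability"]

# Constructed sample rows, as they might be exported from an SoA spreadsheet.
# IDs/names come from slide 19; tag values are illustrative sample data.
SAMPLE_CONTROLS = [
    {"id": "A.5.7", "name": "Threat intelligence",
     "control_type": ["#Preventive", "#Detective", "#Corrective"], "security_property": CIA,
     "cybersecurity_concept": ["#Identify", "#Detect", "#Respond"],
     "operational_capability": ["#Threat_and_vulnerability_management"],
     "security_domain": ["#Defence", "#Resilience"]},
    {"id": "A.7.4", "name": "Physical security monitoring",
     "control_type": ["#Preventive", "#Detective"], "security_property": CIA,
     "cybersecurity_concept": ["#Protect", "#Detect"],
     "operational_capability": ["#Physical_security"],
     "security_domain": ["#Protection", "#Defence"]},
    {"id": "A.8.12", "name": "Data leakage prevention",
     "control_type": ["#Preventive", "#Detective"], "security_property": ["#Confidentiality"],
     "cybersecurity_concept": ["#Protect", "#Detect"],
     "operational_capability": ["#Information_protection"],
     "security_domain": ["#Protection", "#Defence"]},
    {"id": "A.8.28", "name": "Secure coding",
     "control_type": ["#Preventive"], "security_property": CIA,
     "cybersecurity_concept": ["#Protect"],
     "operational_capability": ["#Application_security", "#System_and_network_security"],
     "security_domain": ["#Protection"]},
    # Deliberately flawed row (constructed): a typo and a US spelling that a
    # spreadsheet would silently accept but that break any filter on the tag.
    {"id": "A.8.23", "name": "Web filtering",
     "control_type": ["#Preventative"], "security_property": CIA,
     "cybersecurity_concept": ["#Protect"],
     "operational_capability": ["#System_and_network_security"],
     "security_domain": ["#Protection", "#Defense"]},
]


def validate_tags(control: dict) -> list[str]:
    """Return human-readable problems for one row; an empty list means the row is clean."""
    problems = []
    for attribute, allowed in ATTRIBUTE_VOCABULARIES.items():
        values = control.get(attribute, [])
        if not values:
            problems.append(f"{control['id']}: no {attribute} tag")
            continue
        for value in values:
            if value in allowed:
                continue
            hint = get_close_matches(value, sorted(allowed), n=1)
            suggestion = f" (did you mean {hint[0]}?)" if hint else ""
            problems.append(f"{control['id']}: unknown {attribute} value {value!r}{suggestion}")
    return problems


def validate_sheet(controls: list[dict]) -> list[str]:
    """Validate every row; use this as a gate before the sheet feeds the SoA."""
    return [problem for control in controls for problem in validate_tags(control)]


def group_by_attribute(controls: list[dict], attribute: str) -> dict[str, list[str]]:
    """Regroup control IDs by one attribute, e.g. operational_capability for a 2013-style view.

    A control carrying several values appears under each of them.
    """
    groups = defaultdict(list)
    for control in controls:
        for value in control.get(attribute, []):
            groups[value].append(control["id"])
    return dict(groups)


if __name__ == "__main__":
    for problem in validate_sheet(SAMPLE_CONTROLS):
        print("PROBLEM:", problem)
    for tag, ids in sorted(group_by_attribute(SAMPLE_CONTROLS, "operational_capability").items()):
        print(f"{tag}: {', '.join(ids)}")
```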
45. Using attributes (XLS) (ISO/IEC 27001:2022 Attributes)

47. Hints & tips (ISO/IEC 27001:2022)
• Most of the new control items should be in place already
  • Cloud
  • Cyber
  • Data protection (GDPR driver)
  • (Physical)
• Remap your existing SoA (using the table)
  • Control mapping tables in ISO27002

48. Hints & tips (ISO/IEC 27001:2022)
• Physical monitoring vs cloud-only companies?
• Risk management

50. What's up next? (ISO/IEC 27001:2022)
• Updates on audit procedures
  • Certification bodies
• Updates on related standards
  • ISO 27006 (Audit)
  • ISO 27032 (Cyber)
  • ISO 27701 (PIMS)
  • ISO 27035 (Incident management)
  • …

52. Reference material – PECB Webinars
• PECB Webinar: ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know: https://pecb.com/past-webinars/isoiec-27001--isoiec-270022022-what-you-need-to-know
• PECB Magazine: How Does the New Revision of ISO/IEC 27002 Affect ISO/IEC 27001: https://insights.pecb.com/how-does-the-new-revision-of-iso-iec-27002-affect-iso-iec-27001/

53. Reference material – PECB Webinars
• General link: https://pecb.com/en/webinars
• https://pecb.com/past-webinars
• Search for
  • ISO/IEC 27001
  • ISO/IEC 27002

54. Reference material – PECB Webinars – ISO27005
• 16th November 2022 – What's new in ISO27005:2022
• General link: https://pecb.com/en/webinars
• https://pecb.com/past-webinars
• Search for
  • 27001
  • 27002
  • 27005

55. Reference material
• Other reference, see LinkedIn page: https://www.linkedin.com/pulse/pecb-event-collaterals-isoiec-270012022-what-changes-peter-geelen/

56. Ramping up… Relevant PECB Training courses

57. Relevant Training
Information Security
• PECB ISO/IEC 27001 LI (updated)
• PECB ISO/IEC 27001 LA
• PECB ISO/IEC 27002 LM (v2022)
CyberSecurity
• PECB ISO/IEC 27032 LI CyberSecurity
• PECB Lead Cloud security Manager

58. Other Relevant Training
Incident Management
• PECB ISO/IEC 27035 LI
Risk Management
• PECB ISO/IEC 27005 LI

60. Relevant Training – PECB ISO/IEC 27001
• https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
• Lead Implementer: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-implementer
• Lead Auditor: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor

61. Relevant Training – PECB ISO/IEC 27002
• https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
• Lead Manager: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002/iso-iec-27002-lead-manager

62. Relevant Training – PECB ISO/IEC 27005 – Risk Management
• https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
• Lead Risk Manager: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-27005-lead-risk-manager

63. Relevant Training – PECB ISO/IEC 27035 – Incident Management
• https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
• Lead Incident Manager: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035/iso-iec-27035-lead-incident-manager

65. Relevant Training – PECB ISO29100
• https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer
• Lead Implementer: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer/iso-29100-lead-privacy-implementer