Recommended
Recommended
More Related Content
Similar to Information security management system ISMS
Similar to Information security management system ISMS (20)
Recently uploaded
Recently uploaded (20)
Information security management system ISMS
- 2. Changes in the New ISO/IEC 27001 and ISO/IEC 27002 • ISO/IEC 27001 is under revision, and ISO/IEC 27002:2022 – Information Security, Cybersecurity And Privacy Protection – Information Security Controls has been released. • The latest revision of ISO/IEC 27002 was published in February 2022, and ISO/IEC 27001 will follow shortly thereafter. • The International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) joint technical committee, ISO/IEC JTC 1, is changing the structure of the ISO/IEC 27001/27002 control framework after nearly 20 years.
- 3. What Is the Difference Between ISO/IEC 27001 and ISO/IEC 27002? • Organizations can achieve certification to ISO/IEC 27001 but not ISO/IEC 27002. • ISO/IEC 27001 documents requirements for establishing, implementing, maintaining, and continually improving an information security management system, while ISO/IEC 27002 is designed for organizations to use as a reference for selecting controls. • Also provides guidelines for information security management practices including the implementation and management of controls.
- 4. Changes in ISO/IEC 27002:2022 ISO/IEC 27002:2013 contains 114 controls in 14 domains; ISO/IEC 27002:2022 contains 93 controls in 4 domains: • Chapter 5 – Organizational (if they do not fall under any other domain) – 37 controls • Chapter 6 – People (if they concern individual people) – 8 controls • Chapter 7 – Physical (if they concern physical objects) – 14 controls • Chapter 8 – Technological (if they concern technology) – 34 controls
- 5. DESE INFORMATION SECURITY SYSTEMS SCHEME The Department of Education, Skills and Employment Information Security Management Systems (DESE ISMS) scheme is a customised version of the ISO 27001 Information Security Management Systems Standard that includes additional controls from the Australian Government Information Security Manual. The Department has mandated that providers of employment skills training and disability employment services must be compliant with the framework by March 2024, in order to fulfil their obligations.
- 6. DESE INFORMATION SECURITY SYSTEMS SCHEME Currently SGS is able to conduct unaccredited audits against the scheme, while working towards setting up a team and getting accredited for it.
- 7. Audit Time Chart DESE Information Security Systems Scheme REQUIREMENTS FOR BODIES PROVIDING AUDIT AND CERTIFICATION OF INFORMATION SECURITY MANAGEMENT SYSTEMS (ISMS) OF CONTRACTED EMPLOYMENT SERVICE PROVIDERS DESE ISMS Scheme Issue 1, 10 March 2021 (re-issued 24 May 2021)
- 8. Questions? © SGS Group Management SA – 2020 – All Rights Reserved – SGS is a registered trademark of SGS Group Management SA