
ISO 27002:2022 Control Mapping Guide

ISO 27002:2013 has been updated to ISO 27002:2022, which was released in February 2022.

By Grace Morris (she/her) | Published 3 years ago | 2 min read

The revised version of ISO 27002:2022 creates a more straightforward structure by rearranging, merging, and adding new controls to the standard.

ISO 27002 is a reference set of generic information security controls and guidance on their implementation. It’s a supplementary guide to ISO/IEC 27001 that helps users identify and implement the information security controls most appropriate to their organization’s needs, which in turn can help strengthen the way information is protected.

Previously, ISO 27002:2013 had 114 controls across 14 control domains; the updated 2022 edition has been reorganised into 93 controls, grouped into 4 categories instead of the 14 domains. There are 11 brand new controls in the 2022 edition, whilst 24 controls have been merged and 58 have been updated.

The 4 different categories (clauses) that have been revised in the 2022 edition are as follows:

1. Organisational

2. People

3. Physical

4. Technological

New controls have been added to reflect the current information security, physical security and cyber security landscape.

The new controls listed in the 27002:2022 scope are:

1. Threat Intelligence

2. Information Security for the use of Cloud Services

3. ICT Readiness for Business Continuity

4. Physical Security Monitoring

5. Configuration Management

6. Information Deletion

7. Data Masking

8. Data Leakage Prevention

9. Monitoring Activities

10. Web Filtering

11. Secure Coding

Also, the guidance section for each of the new controls has been updated to reflect more up-to-date cyber security practices. Each control has also been equipped with a “set of attributes” and a “purpose statement” that relates to different cyber security concepts. The phrase “code of practice” has been omitted to better reflect the standard’s purpose as a reference set of information security controls.

Eventually, these changes to ISO 27002:2022 will be coupled with a reconfigured version of ISO 27001:2013, and it is expected that this change will come around October 2022.

As an ISO 27001 certification lasts for 3 years, if an organisation is currently certified, no immediate action needs to be taken. However, upon renewal or re-certification of ISO 27001, the revised version of ISO 27002:2022 may be applicable.

For more information, or to see how we can help you implement ISO 27002:2022, get in touch with us.

Click the below links for simple mapping guides between the standard versions:

ISO 27002 Mapping Guide 2013 to 2022

ISO 27002 Mapping Guide 2022 to 2013


About the Creator

Grace Morris (she/her)

Sales and Marketing Co-Ordinator at Spritzmonkey, organisational geek helping companies improve their cybersecurity one step at a time.
