Detailed explanation of 11 new security controls in ISO 27001:2022
If you’re a security practitioner dealing with ISO 27001, you’re probably wondering what new things you will need to implement as part of the changes that will be made to this standard during 2022....
Main changes in the new ISO 27002 2022 revision
It’s been eight years since the last revision of ISO/IEC 27002 (in 2013), and although ISO 27001:2013 was confirmed in 2019 (i.e., no changes in the Information Security Management System standard were required) – ISO 27002 definitely...
Relationship between ISO 27701, ISO 27001, and ISO 27002
Update 2022-04-26. You probably know what the GDPR (General Data Protection Regulation) is, and maybe you also know about information security and the ISO 27001 series standards, but do you know that there is an...
How to manage the security of network services according to ISO 27001 A.13.1.2
Everybody knows that information is stored in information systems (workstations, laptops, smartphones, etc.), but exchanging that information requires a network. Most of the information systems in this world are connected to the...
Clear desk and clear screen policy and what it means for ISO 27001
Updated: December 05, 2022, according to the ISO 27001:2022 revision. Imagine this scene: an employee at his desk, in an open-plan office, is reviewing on his notebook some data to prepare a report about the...
How to set security requirements and test systems according to ISO 27001
Security is something that everyone wants to have, but which no one ever wants to use. And this thought can bring a lot of problems. Unless a system’s purpose is security related (e.g., firewall, access...
Media & equipment disposal – what is it and how to do it in line with ISO 27001
Update 2022-4-26. Today, hard drives and other media devices are less common than they were some years ago, because the current trend is to use the cloud, although there are still a lot of people...
How to implement network segregation according to ISO 27001 control A.13.1.3
Update 2022-09-06. Think about a house, or office, with only one big space where you can arrange all your loved and precious things the way you think most appropriate. Tempting, isn’t it? The flexibility to...
ISO 27032 – What is it, and how does it differ from ISO 27001?
There are many standards in the ISO 27001 series, all related to security. You probably don’t know much about ISO 27032:2012 because it is not as well-known as ISO 27001, ISO 27002, or ISO 22301,...
How to use firewalls in ISO 27001 and ISO 27002 implementation
A firewall is basically software that manages connections between different networks (internal or external), and has the ability to accept a connection, reject it, or filter it under certain parameters. Because this is a key...
How to structure the documents for ISO 27001 Annex A controls
Updated: April 19, 2023, according to the ISO 27001 2022 revision. Once you’ve finished your risk assessment and treatment, it is time for you to start writing documents that describe your security controls according to...
What is the ISO 27000 series?
Updated: November 16, 2023. If you are working as an ISO 27001 consultant or practitioner, you are probably heavily dependent on the ISO/IEC 27000-series of standards. Since there are quite a lot of them (see...
Main changes in the new ISO 27002
Update 2013-09-25: This blog post was updated according to the final version of ISO 27002:2013 that was published on September 25, 2013. In my previous blog post I analyzed the changes between the old ISO...
A first look at the new ISO 27001
Update 2013-09-25: This blog post was updated according to the final version of ISO 27001:2013 that was published on September 25, 2013. When I heard the news that the DIS (draft) version of ISO 27001:2013...
ISO 27000 series – What to expect in 2013?
Believe it or not, there are more than 30 standards in the ISO 27k series. And, to make things worse, they are constantly changing because information security theory and best practice are continuously evolving. Here’s...
What is cybersecurity and how can ISO 27001 help?
Every time I speak to someone about cybersecurity I hear rather different definitions about what it actually is – but at least the general idea is pretty much the same. However, when it comes to...
ISO 27001 vs. ISO 27002
Updated: March 28, 2023, according to the ISO 27001 2022 revision. If you came across the ISO 27001 and ISO 27002 standards, you probably noticed that ISO 27002 is much more detailed, much more precise...