by Anastasios Arampatzis
The evolution of the digital world and the dependence of businesses on network and information technology led the industry, back in 2005, to pack all of its information security management best practices into a concise standard, dubbed ISO 27001. Since then, the Standard has been updated once, in 2013, to the current version.
Today, new risks have emerged. High-tech cyber-attacks punch holes in the network security ecosystem and penetrate the information security grid we all depend on so heavily. ISO 27001:2013 is about to be updated, and with it companies' thinking about the need for a CISO, or a vCISO service.
The ISO 27001 in brief
“ISO 27001 is the leading international Standard focused on information security that was developed to help organizations, of any size or any industry, to protect their information systematically and cost-effectively, through the adoption of an Information Security Management System,” states Advisera.
ISO 27001 is an international Standard developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). As part of the 27000 family, a series of Standards created to harden the information security of organizations and companies, the 27001 Standard provides a framework that helps any business protect the confidentiality, integrity, and availability of its sensitive and valuable information through the adoption of an Information Security Management System (ISMS).
An ISMS is a set of rules documented in the form of policies, procedures, and established processes. Since its purpose is to protect information, it deals mainly with risk identification, the definition and implementation of controls, and continuous measurement and improvement. The Standard defines the minimum set of policy documents that are required and must be in place. It is split into two sections: the first consists of 11 clauses; the second, named Annex A, provides 114 control objectives and controls.
What is new in ISO 27002:2022?
ISO 27002 is the guide for implementing the controls described in Annex A of the ISO 27001 Standard. The new version, released in February 2022, has undergone important changes, which offer a glimpse of what we should expect from the updated ISO 27001:2022, expected to be published sometime in 2022.