ISO 27002:2013 TO ISO 27002:2022 CONTROL MAPPING - GreyCastle Security
1y ago
20 Views
1 Downloads
735.20 KB
6 Pages
Report/dmca
Download PDF

Transcription

ISO 27002:2013 TO ISO 27002:2022CONTROL MAPPINGThe typical lifespan of an ISO standard is five years. After this period, it is decided whetherthe standard can stay valid, needs revision, or should be retracted. In 2018, it was decided that ISO27002:2013 should be revised. The draft has been published and announced on February 15, 2022.ISO tion security policies5Organizational controlsA.5.1.1Policies for information securityA.5.1.2Review of the policies forinformation security5.1Policies for information securityA.6.1.1Information security roles andresponsibilities5.2Information security roles andresponsibilitiesA.6.1.2Segregation of duties5.3Segregation of dutiesA.6.1.3Contact with authorities5.5Contact with authoritiesA.6.1.4Contact with special interest groups5.6Contact with special interest groups5.7Threat intelligence5.8Information security in projectmanagementNEWA.6.1.5Information security in projectmanagementA.14.1.1Information security requirementsanalysis and specificationA.6Organization of information security8Technological controlsMobile devices (Moved to Assetmanagement)8.1User endpoint devicesA.6.2.1A.11.2.8Unattended user equipmentA.6Organization of information security6People ControlsA.6.2.2Teleworking6.7Remote workingA.7Human Resources Security6People ControlsA.7.1.1Screening6.1ScreeningA.7.1.2Terms and conditions ofemployment6.2Terms and conditions ofemploymentA.7.2.1Management responsibilities5.4Management responsibilitiesA.7.2.2Information security awareness,education, and training6.3Information security awareness,education, and training185 Jordan Road, Suite 3, Troy, NY 12180800-430-8350 sales@greycastlesecurity.com GreyCastleSecurity.com

ISO 27002:2013 TO ISO 27002:2022CONTROL MAPPINGISO ciplinary process6.4Disciplinary processA.7.3.1Termination or change ofemployment responsibilities6.5Responsibilities after termination orchange of employmentA.8Asset Management5Organizational controlsA.8.1.1A.8.1.2Inventory of assets5.9Inventory of information and otherassociated assetsA.8.1.3A.8.2.3Acceptable use of assets5.10Acceptable use of assets and otherassociated information assetsA.8.1.4Return of assets5.11Return of assetsA.8.2.1Classification of information5.12Classification of informationA.8.2.2Labeling of information5.13Labeling of InformationA.8Asset Management7Physical controlsA.8.3.1Management of removable media7.10Storage mediaA.8.3.2Disposal of media7.10Storage mediaA.8.3.3Physical media transfer7.10Storage mediaA.9Access Control5Organizational controlsAccess to networks and networkservices5.15Access ControlUser registration and de-registration5.16Identity Management5.18Access rightsTechnological Ownership of assetsHandling of assetsAccess control policyUser access provisioningReview of access rightsRemoval or adjustment of accessrightsA.9Access Control8A.9.2.3Management of privileged accessrights8.2A.9Access Control5Organizational controls5.17Authentication of informationA.9.2.4A.9.3.1Management of secretauthentication information of usersUse of secret authenticationinformationA.9Access Control8Technological controlsA.9.4.1Information access restriction8.3Information access restriction185 Jordan Road, Suite 3, Troy, NY 12180800-430-8350 sales@greycastlesecurity.com GreyCastleSecurity.com

ISO 27002:2013 TO ISO 27002:2022CONTROL MAPPINGISO ure log-on procedures8.5Secure authenticationA.9Access Control5Organizational controlsA.9.4.3Password management system5.17Authentication of informationA.9Access Control8Technological controlsA.9.4.4Use of privileged utility programs8.18Use of privileged utility programsA.9.4.5Access control to program sourcecode8.4Access to source codeA.10Cryptography8Technological controlsPolicy on the use of cryptographiccontrols8.24Use of cryptographyA.10.1.1A.10.1.2Key managementA.11Physical and environmental security7Physical controlsA.11.1.1Physical security perimeter7.1Physical security perimeterA.11.1.2A.11.1.6Physical entry controls7.2A.11.1.3Securing offices, rooms, and facilitiesDelivery and loading areasNEWPhysical entry controls7.3Securing offices, rooms, and facilities7.4Physical security monitoringA.11.1.4Protecting against external andenvironmental threats7.5Protecting against physical andenvironmental threatsA.11.1.5Working in secure areas7.6Working in secure areasA.11.2.1Equipment siting and protection7.8Equipment siting and protectionA.11.2.2Supporting utilities7.11Supporting utilitiesA.11.2.3Cabling security7.12Cabling securityA.11.2.4Equipment maintenance7.13Equipment maintenanceA.11.2.5Removal of assetsDELETEDDELETEDA.11.2.6Security of equipment and assetsoff-premises7.9Security of assets off-premisesA.11.2.7Secure disposal or reuse ofequipment7.14Secure disposal or reuse ofequipmentA.11.2.8Unattended user equipment8.1User endpoint devicesA.11.2.9Clear desk and clear screen policy7.7Clear desk, clear screen policyA.12Operations security5Organizational controlsA.12.1.1Documented operating procedures5.37Documented operating proceduresA.12Operations security8Technological controls185 Jordan Road, Suite 3, Troy, NY 12180800-430-8350 sales@greycastlesecurity.com GreyCastleSecurity.com

ISO 27002:2013 TO ISO 27002:2022CONTROL MAPPINGISO ange management8.32Change managementA.12.1.3Capacity management8.6Capacity managementA.12.1.4Separation of development, testingand operational environments8.31Separation of development, test, andproduction environmentsA.12.2.1Controls against malware8.7Protection against malwareA.12.3.1Information backup8.13Information backup8.15Logging8.16Monitoring activitiesA.12.4.1A.12.4.2A.12.4.3Event loggingProtection of log informationAdministrator and operator logsNEWA.12.4.4Clock synchronization8.17Clock synchronizationA.12.5.1Installation of software onoperational systems8.19Installation of software onoperational systemsA.12.6.1Management of technicalvulnerabilities8.8Management of technicalvulnerabilitiesNEW8.9Configuration managementNEW8.10Information deletionNEW8.11Data maskingNEW8.12Data leakage preventionA.13Communications security8Technological controlsA.13.1.1Network controls8.20Network controlsA.13.1.2Security of network services8.21Security of network servicesA.13.1.3Segregation in networks8.22Segregation in network8.23Web filtering5Organizational controls5.14Information ons securityInformation transfer policies andproceduresAgreements on information transferElectronic messagingA.13Communications security6People ControlsA.13.2.4Confidentiality or nondisclosureagreements6.6Confidentiality or nondisclosureagreementsA.14System and software acquisition,development, and maintenance8Technological controls185 Jordan Road, Suite 3, Troy, NY 12180800-430-8350 sales@greycastlesecurity.com GreyCastleSecurity.com

ISO 27002:2013 TO ISO 27002:2022CONTROL MAPPINGISO formation security requirements,analysis, and specifications5.8Information security in projectmanagement8.26Application security requirementsA.14.1.2A.14.1.3Securing applications services onpublic networksProtecting application transactionsA.14.2.1Secure development policy8.25Secure development lifecycleA.14.2.2System change control procedures8.32Change managementA.14.2.5Security system engineeringprinciples8.27Secure system architecture andengineering principles8.28Secure codingNEWA.14.2.6Secure development environment8.31Separation of development, test, andproduction environmentsA.14.2.7Outsourced development8.30Outsourced development8.29Security testing in development andacceptanceA.14.2.8A.14.2.9System security testingSystem acceptance testingA.14.3.1Protection of test data8.33Test informationA.15Supplier relationships5Organizational controlsA.15.1.1Information security in supplierrelationships5.19Information security in supplierrelationshipsA.15.1.2Addressing security within supplieragreements5.20Addressing security within supplieragreementsA.15.1.3Information and communicationtechnology supply chain5.21Managing information security in theICT supply chain5.22Monitoring, review, and changemanagement of supplier services5.23Information security for use of cloudservicesA.15.2.1A.15.2.2Monitoring and review of supplierservicesManaging changes to supplierservicesNEWA.16Incident Management5Organizational controlsA.16.1.1Responsibilities and procedures5.24Information security incidentmanagement planning and prepA.16Incident Management6People Controls6.8Information security event reportingA.16.1.2A.16.1.3Reporting information securityeventsReporting information securityweaknesses185 Jordan Road, Suite 3, Troy, NY 12180800-430-8350 sales@greycastlesecurity.com GreyCastleSecurity.com

ISO 27002:2013 TO ISO 27002:2022CONTROL MAPPINGISO nt Management5Organizational controlsA.16.1.4Assessment of and decision oninformation security events5.25Assessment and decision oninformation security eventsA.16.1.5Response to information securityincidents5.26Response to information securityincidentsA.16.1.6Learning from information securityincidents5.27Learning from information securityincidentsA.16.1.7Collection of evidence5.28Collection of evidenceA.17Information security aspects ofbusiness continuity5Organizational controls5.29Information security duringdisruption5.30ICT Readiness for business continuityA.17.1.1A.17.1.2A.17.1.3Planning information securitycontinuityImplementing information securitycontinuityVerify, review, and evaluateinformation security continuityNEWA.17Information security aspects ofbusiness continuity8A.17.2.1Availability of informationprocessing facilities8.14Redundancy of informationprocessing facilitiesA.18Compliance5Organizational controlsIdentification of applicablelegislative and contractualrequirements5.31Identification of applicablelegislative and contractualrequirementsA.18.1.1A.18.1.5Regulation of cryptographic controlsTechnological controlsA.18.1.2Intellectual property rights5.32Intellectual property rightsA.18.1.3Protection of records5.33Protection of recordsA.18.1.4Privacy and protection of personallyidentifiable information5.34Privacy and protection of PIIA.18.2.1Independent review of informationsecurity5.35Independent review of informationsecurityA.18.2.2Compliance with security policiesand standards5.36Compliance with security policiesand standardsA.18.2.3Technical compliance review5.36.8.8Technical compliance review185 Jordan Road, Suite 3, Troy, NY 12180800-430-8350 sales@greycastlesecurity.com GreyCastleSecurity.com

ISO 27002:2013 TO ISO 27002:2022 CONTROL MAPPING The typical lifespan of an ISO standard is five years. After this period, it is decided whether the standard can stay valid, needs revision, or should be retracted. In 2018, it was decided that ISO 27002:2013 should be revised. The draft has been published and announced on February 15, 2022.

Related Books

Siemens Digital IndustrySoftware - AFNeT

Siemens Digital IndustrySoftware - AFNeT

INTERNATIONAL ISO/IEC STANDARD 27002 - kok.kz

INTERNATIONAL ISO/IEC STANDARD 27002 - kok.kz

BIO en NEN 7510 binnen dezelfde organisatie

BIO en NEN 7510 binnen dezelfde organisatie

The ISO/IEC 27002 and ISO/IEC 27799 Information Security . - CORE

The ISO/IEC 27002 and ISO/IEC 27799 Information Security . - CORE

BSI Standards Publication

BSI Standards Publication

ISO/IEC 27002: 2013 Grafimedia - creatieve industrie

ISO/IEC 27002: 2013 Grafimedia - creatieve industrie

We Make the Building Blocks of Sustainable Technologies

We Make the Building Blocks of Sustainable Technologies

Einführung eines ISMS nach ISO 27001 - uw-s

Einführung eines ISMS nach ISO 27001 - uw-s

Audit Keamanan SIMAK Berdasarkan ISO 27002 (Studi Kasus: FE UNUD)

Audit Keamanan SIMAK Berdasarkan ISO 27002 (Studi Kasus: FE UNUD)

INTERNATIONAL ISO/IEC This is a preview of ISO/IEC 27002:2013. Click .

INTERNATIONAL ISO/IEC This is a preview of ISO/IEC 27002:2013. Click .

ISO 27000-series Update for ISMS - snia

ISO 27000-series Update for ISMS - snia

PopularTags

Recent Views