ISO 27001: ANALYSIS OF CHANGES AND COMPLIANCE FEATURES OF THE NEW VERSION OF THE STANDARD
DOI:
https://doi.org/10.28925/2663-4023.2023.19.4655Keywords:
information security, cybersecurity, ISO/IEC 27001:2013, ISO/IEC 27001:2022, information security framework, information security management systemAbstract
Managing information security in the organization may be a daunting task, especially considering that it may encompass many areas from physical and network security to human resources security and management of suppliers. This is where security frameworks come in handy and put formality into the process of the design and implementation of the security strategy.
While there are a bunch of different information security frameworks out in the wild, the most commonly-found and preferred by security professionals worldwide is ISO/IEC 27001. It combines both the quite comprehensive set of security controls to cover the most important security areas and wide applicability which allows applying this framework to all kinds of organizations.
While cyberspace is constantly changing, companies should also adapt their approaches to the organization of information security processes. In order to respond to new challenges and threats to cyber security, the International Organization for Standardization (ISO) at the end of 2022 has published an updated version of the ISO/IEC 27001:2022 standard, which from now on should be taken into account by all organizations that aim to implement and certify its information security management system (ISMS).
The purpose of this article is to provide a brief overview of the new edition of the popular standard, фтв describe the key changes in the structure and description of security controls; as well as develop recommendations for achieving compliance with the requirements of the updated version of the standard.
Downloads
References
Susukailo, V., Opirsky, I., Yaremko, O. (2021). Methodology of ISMS Establishment Against Modern Cybersecurity Threats. У Lecture Notes in Electrical Engineering (с. 257–271). Springer International Publishing. https://doi.org/10.1007/978-3-030-92435-5_15
Kurii, Y. Opirskyy, I. (2021). Analysis and Comparison of the NIST SP 800-53 and ISO/IEC 27001:2013. Paper presented at the CEUR Workshop Proceedings, 3288, 21-32.
(2022) ISO/IEC 27002: Information security, cybersecurity and privacy protection — Information security controls. URL: https://www.iso.org/standard/75652.html
(2022) ISO/IEC 27001: Information security, cybersecurity and privacy protection — Information security management systems — Requirements. URL: https://www.iso.org/standard/82875.html
(2013) ISO/IEC 27001: Information Technology — Security Techniques — Information Security Management Systems — Requirements. URL: https://www.iso.org/standard/54534.html
(2013) ISO/IEC 27002: Information Technology — Security Techniques — Code of Practice for Information Security Controls. URL: https://www.iso.org/standard/54533.html
2020 ISO Survey of Management System Standards reveals 17% increase in certifications. Режим доступу до ресурсу: https://www.quality.org/article/2020-iso-survey-management-system-standards-reveals-17-increase-certifications
MSECB Transition Policy on Management System Certification to ISO/IEC 27001:2022. https://msecb.com/wp-content/uploads/2023/01/MSECB-Transition-Policy-on-MS-Certification-to-ISO-IEC-27001.pdf?utm_source=sendinblue&utm_campaign=Clients%20ISOIEC%20270012022%20Transition%20Policy&utm_medium=email
Global Cybersecurity Outlook 2022. https://www.weforum.org/reports/global-cybersecurity-outlook-2022
ISO/IEC 27001: What’s new in IT security? https://www.iso.org/contents/news/2022/10/new-iso-iec-27001.html
What Are The ISO 27001 Changes In 2022. https://bestpractice.biz/what-are-the-iso-27001-changes-in-2022/
ISO 27001 2013 vs. 2022 revision – What has changed? https://advisera.com/27001academy/blog/2022/02/09/iso-27001-iso-27002/
ISO/IEC 27001 - What are the main changes in 2022? https://pecb.com/article/isoiec-27001---what-are-the-main-changes-in-2022
