![]() Information security properties: Confidentiality, Integrity, and Availability.Control types: Preventive, Detective, and Corrective.In my opinion, this is the change that brings the most value for this new version, because it provides a standardized way to sort and filter controls against different views to address the needs of different groups.Īttributes options for each control are as follows: As a comparative example, access control was previously “9 Access control – 9.1 Business requirements of access control – 9.1.1 Access control policy,” whereas it is now “5 Organizational controls – 5.15 Access control.” These added elements make it easier to find information to better understand how to sort and justify the use of a control.Īdditionally, in the new ISO 27002, one level of subtitle was eliminated. Purpose: rationale for applying the control.Attribute table: attributes associated with the control (see next section for explanation).The controls in the new version of ISO 27002 have two new elements in their structure: ![]() Technological advancements, and an improvement to the understanding of how to apply security practices, seem to be the reasons for the change in number of controls. This new version has reduced the number of controls from 114 to 93.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |