Wednesday, February 23, 2022

2022-02-23

It's so...2022: New ISO 27002-2022 Published:002:2022

ISO 27002:2022 Considerations for certifiers-in-process (and the certified) for 2022 and beyond:

1. The standard now aggregates information security, cybersecurity into a unitary document
2. Four "Controls" Themes - People, physical, technological and organizational.
3. Relevant new controls are directed to data loss prevention, IoT, and, introducing: threat intelligence.
4. Handy Annex A to 27002:2022 provides means to demonstrate cyber/information, etc. postures

The standard will likely require currently certified entities to update or create new policies.

Important Note: Annex A to ISO27001 is in the final steps of being updated (perhaps as early as Q2 2022) to put it accordance with ISO27002:2022. For re-certifying entities, this will mean a two year compressed certification time frame. Newly certifying entities should become aware of and address their activities to incorporate relevant additional, modified requirements. #cybersecurity #iot #ISO27002


Threat intelligence now includes litigation intelligence.


 
Actions


No comments: