2022-02-23
It's so...2022: New ISO 27002-2022 Published
ISO 27002:2022 Considerations for certifiers-in-process (and the certified) for 2022 and beyond:
1. The standard now aggregates information security and cybersecurity into a
unitary document.
2. Four "Controls" themes: people, physical, technological and
organizational.
3. Relevant new controls are directed to data loss prevention, IoT and,
newly introduced, threat intelligence.
4. A handy Annex A to 27002:2022 provides a means to demonstrate cyber,
information, etc. postures.
The standard will likely require currently certified entities to update or
create new policies.
Important Note: Annex A to ISO27001 is in the final steps of being updated
(perhaps as early as Q2 2022) to put it in accordance with ISO27002:2022. For
re-certifying entities, this will mean a two-year compressed certification time
frame. Newly certifying entities should become aware of the relevant additional
and modified requirements and direct their activities to incorporate them.
#cybersecurity #iot #ISO27002
Threat intelligence now includes litigation intelligence.