ISO/IEC 27002:2022. An update to the guildelines for information security controls
ISO has recently published an updated edition of the guidelines standard for information security controls, ISO/IEC 27002:2022.
There are some significant changes compared to the prevoius version of this standard (the one from 2013).
Instead of 114 security controls we now have only 93 that are divided into 4 categories: Organizational controls, People controls, Physical controls and Technological controls.
There are new controls in the standard (e.g. Web filtering, Threat intelligence, Data masking or Information deletion). Some of the controls from the previous edition have been merged and others have been renamed.
We have prepared an online course for those who are interested to understand the security controls in ISO/IEC 27002:2022. Our online course is available here.
It is expected that ISO/IEC 27001, the standard that defines the requirements for an ISMS and that is used for audit and certification purposes will be revised in the near future as well.