Agenda
• ISO/IEC 27001 & ISO/IEC 27002, catching up with history
• Quick recap on the ISO/IEC 27002:2022
• From ISO/IEC 27002 to the ISO/IEC 27001 updates
• Some considerations & consequences of the update
• Hints & tips
• What's up next with ISO/IEC 27001, in practice?
• Q & A
Introduction
Peter Geelen (CyberMinute)
• 20+ years experience in security
• Enterprise Security & IAM
• Cybersecurity
• Data Protection & Privacy
• Incident management, Disaster Recovery
• Trainer, coach, auditor
• ISO27001 Master & Lead ISO27002
• ISO27701 Master
• Certified DPO & Fellow In Privacy
• Lead Incident Mgr & Disaster Recovery
• ISO27032 Sr. Lead Cybersecurity Mgr
• Lead ISO27005 (Risk Mgmt)
• Accredited Lead auditor ISMS/PIMS/QMS/BCMS
• Accredited Security Trainer
(Slide columns: My experience | Certification | Accreditation)
http://www.cyberminute.com
https://ffwd2.me/pgeelen
More info (LinkedIn):
peter@cyberminute.com
Stefan Mathuvis (QMA)
• 20 years experience in security
• Quality Management & Auditing
• DPO as a Service
• Cybersecurity
• Security, Data Protection & Privacy
• Trainer, coach, auditor
• ISO27001 Lead Auditor
• ISO9001 Lead Auditor
• Lead auditor Tisax
• Lead auditor GQS
• CDPO
• PECB trainer
• Accredited ISO27001 lead auditor
• Accredited 9001 Lead auditor
(Slide columns: My experience | Certification | Accreditation)
http://www.qma.be
https://ffwd2.me/stefan
More info (LinkedIn):
Stefan@qma.be
ISO/IEC 27001 & ISO/IEC 27002
Catching up
The standard
• Certifiable international standard for information security best practices
• Main version 2013, with updates 2014, 2015 & 2017
(https://www.iso.org/standard/82875.html)
Consists of
• Management Clauses
• Normative controls Annex
ISO/IEC 27001
Management Clauses
• Based on Harmonized Structure (HS) / High Level Structure (HLS)
• Core principles of ISO 9001:2015
• PDCA Cycle
ISO/IEC 27001
Management Clauses
• Principle of continual improvement
• PDCA Cycle
ISO/IEC 27001
[Figure: two consecutive PDCA cycles (Plan, Do, Check, Act) drawn along a "Time" axis, with "Security Improvement" rising from one cycle to the next]
Annex A (normative)
• "Normative" = part of requirements (ref. certification track)
• From the ISO/IEC 27001:2022 (ref. 2013)
"The information security controls listed in Table A.1 are directly derived from and aligned with those
listed in ISO/IEC 27002:2022[1], Clauses 5 to 8 and shall be used in context with 6.1.3. "
ISO/IEC 27001
Annex A (normative) > link to Clause 6.1.3
ISO/IEC 27001
Annex A (normative)
• Annex = Security measures
• Security = PPT : People, Process & Technology
• In fact : (P)PPT -> Physical, People, Process & Technology
• Based on, extract from ISO/IEC 27002
• So, ISO first updated 27002:2013 to 2022…
ISO/IEC 27001
ISO/IEC 27002:2022 quick recap
Quick recap
More info
• PECB Webinar: ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know:
https://pecb.com/past-webinars/isoiec-27001--isoiec-270022022-what-you-need-to-know
• PECB Magazine: How Does the New Revision of ISO/IEC 27002 Affect ISO/IEC 27001
https://insights.pecb.com/how-does-the-new-revision-of-iso-iec-27002-affect-iso-iec-27001/
ISO/IEC 27002:2022
Most important changes (*)
• Main structure change
• From: operational security, functional organization (meaning A.5 > A.18)
• To: PPPT (3PT)
• Process & Policies (organizational) (A.5)
• People (A.6)
• Physical (A.7)
• Technological (A.8)
ISO/IEC 27002:2022
Important to know
• From 114 (v2013) to 93 (v2022) controls
• But no controls removed
• Consolidation & updates of controls
• ISO/IEC 27002:2022 Annex B
• Table B.1 mapping 2022>2013
• Table B.2 mapping 2013>2022
• 11 new controls
ISO/IEC 27002:2022
New controls
• A.5.7: Threat intelligence (cyber/cloud/DP)
• A.5.23: Information security for cloud services (cloud)
• A.5.30: ICT readiness for business continuity (A.17)
• A.7.4: Physical security monitoring (physical)
• A.8.9: Configuration management (alignment ISO 20000)
• A.8.10: Information deletion (Data protection)
• A.8.11: Data masking (DP)
• A.8.12: Data leakage prevention (DP/Cyber)
• A.8.16: Monitoring activities (general)
• A.8.23: Web filtering (cyber)
• A.8.28: Secure coding (Cyber & Application security)
ISO/IEC 27002:2022
Did you notice…
• the change of language (more active language)
• the change in focus of audience (employee > staff)
• the broader approach & interpretation
• Not only information security but also more focus on
• Cyber & cloud security
• Data protection
• physical security
ISO/IEC 27002:2022
ISO/IEC 27001:2022
From ISO/IEC 27002 to ISO/IEC 27001
Walkthrough of the changes
• Name change
• Document structure changes
• Key changes in main clause
• Language & content changes
ISO/IEC 27001:2022
It starts with the front page: name change
ISO/IEC 27001:2022
Table of contents alignment (display level 3)
ISO/IEC 27001:2022
ISO/IEC 27001 Content updates
Foreword
• Alignment with ISO directive
• Cancels and replaces previous version (2nd edition) including all Technical corrigenda
• 2014
• 2015
• 2017 (wrap up of previous corrigenda)
• Alignment with harmonized structure
Ref: 2021-05_Annex SL_Appendix_2_rev1.pdf
ISO/IEC 27001:2022
Scope
"Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document."
ISO/IEC 27001:2022
Terms and definitions
• 2013:
• Only reference to ISO27000
• For your information: free download of ISO27000 (v2018):
https://standards.iso.org/ittf/PubliclyAvailableStandards/
• 2022: addition
• ISO and IEC maintain terminology databases for use in standardization at the following addresses:
• ISO Online browsing platform: available at https://www.iso.org/obp
• IEC Electropedia: available at https://www.electropedia.org
ISO/IEC 27001:2022
Context of organisation
• Updated reference to ISO31000:2018
• 4.2 Interested parties (new)
• c) which of these requirements will be addressed through the information security management system.
• 4.4 ISMS - increased focus on processes
• The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document
ISO/IEC 27001:2022 clause 4
Planning (Risk management)
• 6.2 Information security objectives
• 2 new sub items
• d) be monitored;
• g) be available as documented information.
• (NEW) 6.3: Planning of changes
• When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.
ISO/IEC 27001:2022 clause 6 (Planning)
Communication
• 7.4 Communication
• Simplification of module
• d) how to communicate.
• e) removed
ISO/IEC 27001:2022 clause 7 (Support)
Operation
8.1 Operational planning and control
• 2013: The organisation shall ensure that outsourced processes are determined and controlled
• 2022: The organization shall ensure that externally provided processes, products or services that are relevant to the information security management system are controlled
ISO/IEC 27001:2022 clause 8 (Operation)
Operation
9.1 Monitoring, measurement, analysis and evaluation
• 2013:
• The organization shall retain appropriate documented information as evidence of the monitoring and measurement results.
• 2022:
• Documented information shall be available as evidence of the results.
• The organization shall evaluate the information security performance and the effectiveness of the information security management system.
ISO/IEC 27001:2022 clause 9 (Performance evaluation)
9.2 (internal audit) & 9.3 (Management review)
• New structure
9.2 Internal audit
• 2013: single chapter
• 2022:
• 9.2
• 9.2.1: General
• 9.2.2: Internal Audit programme
ISO/IEC 27001:2022 clause 9 (Performance evaluation)
9.2 (internal audit) & 9.3 (Management review)
• New structure
9.3 Management review
• 2013: single chapter
• 2022:
• 9.3
• 9.3.1: General
• 9.3.2: Management review input
• 9.3.3: Management review results
ISO/IEC 27001:2022 clause 9 (Performance evaluation)
10.1 (Continual Improvement) & 10.2 (Non-conformity & corrective action)
New structure (position switch) to comply with HS
ISO/IEC 27001:2022 clause 10 (Improvement)
ISO/IEC 27001:2022
Some considerations
Some considerations & consequences of the update
• More operational language (less passive)
• More focus on effective results & evidence
• Trying to minimize the "Compliance check list" approach…
ISO/IEC 27001:2022
Some considerations & consequences of the update
• New structure of Annex / ISO/IEC 27002:2022
• From 14 control groups and 114 controls (2013)
• Logical / functional organisation matches most business organisation
• To 5 control groups and 93 controls (2022)
• Large groups
• Disconnect from functional organisation
Solution: ISO/IEC 27002:2022 - Annex A (informative)
• Using attributes (to group the new controls the old way)
• Tagging (Table A.1)
ISO/IEC 27001:2022
Using attributes (suggestions from the standard)
• Control types
• #Preventive, #Detective, #Corrective
• Information security properties
• #Confidentiality, #Integrity, #Availability
• Cybersecurity concepts (NIST)
• #Identify, #Protect, #Detect, #Respond, #Recover
ISO/IEC 27001:2022 Attributes (p1/3)
Using attributes (suggestions from the standard)
• Operational capabilities (ISO27001:2013)
• #Governance,
• #Asset_management,
• #Information_protection,
• #Human_resource_security,
• #Physical_security,
• #System_and_network_security,
• #Application_security,
• #Secure_configuration,
• #Identity_and_access_management,
• #Threat_and_vulnerability_management,
• #Continuity,
• #Supplier_relationships_security,
• #Legal_and_compliance,
• #Information_security_event_management,
• #Information_security_assurance
ISO/IEC 27001:2022 Attributes (p2/3)
Using attributes (suggestions from the standard)
• Security domains
• #Governance_and_Ecosystem,
• #Protection,
• #Defence,
• #Resilience
ISO/IEC 27001:2022 Attributes (p3/3)
Using attributes (XLS)
ISO/IEC 27001:2022 Attributes
ISO/IEC 27001:2022
Hints & tips
Hints & tips
• Most of the new control items should be in place already
• Cloud
• Cyber
• Data protection (GDPR driver)
• (Physical)
• Remap your existing SoA (using the table)
• Control mapping tables in ISO27002
ISO/IEC 27001:2022
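The SoA remapping from the Hints & tips slide and the attribute regrouping from the Attributes slides, as an added example (not code from the deck or from PECB). The 11 new-control ids come from the New controls slide; the mapping rows and attribute tags are a constructed excerpt in the shape of ISO/IEC 27002:2022 Annex B (Table B.2) and Annex A (Table A.1), to be replaced by the real rows from a licensed copy of the standard.

```python
"""Remap a 2013-numbered Statement of Applicability (SoA) to the ISO/IEC
27002:2022 control set, flag the 11 new controls that cannot inherit a row,
and regroup the 2022 controls by attribute.

Added example, not code from the webinar deck. MAPPING_2013_TO_2022 and
ATTRIBUTES are a CONSTRUCTED excerpt in the shape of Annex B (Table B.2)
and Annex A (Table A.1) of ISO/IEC 27002:2022.
"""
from collections import defaultdict

# The 11 controls the deck lists as new in 2022: no 2013 predecessor exists,
# so no SoA row can be carried over for them.
NEW_2022_CONTROLS = {
    "5.7": "Threat intelligence",
    "5.23": "Information security for cloud services",
    "5.30": "ICT readiness for business continuity",
    "7.4": "Physical security monitoring",
    "8.9": "Configuration management",
    "8.10": "Information deletion",
    "8.11": "Data masking",
    "8.12": "Data leakage prevention",
    "8.16": "Monitoring activities",
    "8.23": "Web filtering",
    "8.28": "Secure coding",
}

# Constructed excerpt of a 2013 -> 2022 mapping (shape of Table B.2).
# Note the consolidation: several 2013 controls land on one 2022 control.
MAPPING_2013_TO_2022 = {
    "A.5.1.1": "5.1", "A.5.1.2": "5.1",      # two policy controls -> 5.1
    "A.6.1.1": "5.2", "A.6.1.2": "5.3",
    "A.9.2.1": "5.16",
    "A.12.4.1": "8.15", "A.12.4.3": "8.15",  # two logging controls -> 8.15
    "A.12.6.1": "8.8",
}

# Constructed excerpt of attribute tags (shape of Table A.1), using the
# attribute vocabulary from the deck (control type, security domain).
ATTRIBUTES = {
    "5.1": {"type": {"#Preventive"}, "domain": {"#Governance_and_Ecosystem"}},
    "5.7": {"type": {"#Preventive", "#Detective", "#Corrective"},
            "domain": {"#Defence", "#Resilience"}},
    "8.8": {"type": {"#Preventive"}, "domain": {"#Protection", "#Defence"}},
    "8.15": {"type": {"#Detective"}, "domain": {"#Protection", "#Defence"}},
    "8.16": {"type": {"#Detective", "#Corrective"}, "domain": {"#Defence"}},
}

# Constructed sample SoA keyed by 2013 control id.
SAMPLE_SOA_2013 = {
    "A.5.1.1": {"applicable": True},
    "A.5.1.2": {"applicable": True},
    "A.6.1.1": {"applicable": True},
    "A.9.2.1": {"applicable": True},
    "A.12.4.1": {"applicable": True},
    "A.12.4.3": {"applicable": False},  # conflicts with A.12.4.1 once consolidated
    "A.14.2.5": {"applicable": True},   # not in the constructed mapping excerpt
}


def remap_soa(soa_2013, mapping=MAPPING_2013_TO_2022):
    """Carry 2013 SoA rows over to their 2022 control.

    Returns (soa_2022, review). soa_2022 maps a 2022 id to
    {"applicable": bool, "sources": [2013 ids]}. review lists 2013 ids that
    have no mapping row, or whose applicability disagrees with another 2013
    control consolidated into the same 2022 control.
    """
    soa_2022, review = {}, []
    for old_id, row in sorted(soa_2013.items()):
        new_id = mapping.get(old_id)
        if new_id is None:
            review.append((old_id, "not in mapping table"))
            continue
        entry = soa_2022.setdefault(new_id, {"applicable": row["applicable"], "sources": []})
        if entry["applicable"] != row["applicable"]:
            # An auditor will ask which decision wins; flag it and keep the
            # consolidated control in scope until someone decides.
            review.append((old_id, f"applicability conflict within {new_id}"))
            entry["applicable"] = True
        entry["sources"].append(old_id)
    return soa_2022, review


def missing_new_controls(soa_2022):
    """New 2022 controls with no inherited row: each needs a fresh 6.1.3
    risk-treatment decision and its own justification in the new SoA."""
    return {cid: name for cid, name in NEW_2022_CONTROLS.items() if cid not in soa_2022}


def group_by_attribute(control_ids, attribute, attributes=ATTRIBUTES):
    """Regroup 2022 controls 'the old way' by one attribute, e.g. 'domain'."""
    groups = defaultdict(list)
    for cid in control_ids:
        for tag in attributes.get(cid, {}).get(attribute, {"#untagged"}):
            groups[tag].append(cid)
    numeric = lambda c: tuple(int(p) for p in c.split("."))
    return {tag: sorted(ids, key=numeric) for tag, ids in groups.items()}


if __name__ == "__main__":
    soa, review = remap_soa(SAMPLE_SOA_2013)
    for cid, e in sorted(soa.items(), key=lambda kv: tuple(map(int, kv[0].split(".")))):
        print(cid, "applicable" if e["applicable"] else "not applicable", "<-", ", ".join(e["sources"]))
    for old_id, why in review:
        print("REVIEW:", old_id, why)
    for cid, name in missing_new_controls(soa).items():
        print("NEW (needs a 6.1.3 decision):", cid, name)
    print(group_by_attribute(list(soa) + list(NEW_2022_CONTROLS), "domain"))
```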
Hints & tips
• Physical monitoring vs cloud-only companies?
• Risk management
ISO/IEC 27001:2022
ISO/IEC 27001:2022
What's up next?
What's up next?
• Updates on audit procedures
• Certification bodies
• Updates on related standards
• ISO 27006 (Audit)
• ISO 27032 (Cyber)
• ISO 27701 (PIMS)
• ISO 27035 (Incident management)
• …
ISO/IEC 27001:2022
References
Interesting information sources
Reference material
PECB Webinars
• PECB Webinar: ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know:
• https://pecb.com/past-webinars/isoiec-27001--isoiec-270022022-what-you-need-to-know
• PECB Magazine: How Does the New Revision of ISO/IEC 27002 Affect ISO/IEC 27001
• https://insights.pecb.com/how-does-the-new-revision-of-iso-iec-27002-affect-iso-iec-27001/
Reference material
PECB Webinars
• General link: https://pecb.com/en/webinars
• https://pecb.com/past-webinars
• Search for
• ISO/IEC 27001
• ISO/IEC 27002
Reference material
PECB Webinars - ISO27005
• 16th November 2022 - What's new in ISO27005:2022
• General link: https://pecb.com/en/webinars
• https://pecb.com/past-webinars
• Search for
• 27001
• 27002
• 27005
Reference material
Other references, see LinkedIn page:
https://www.linkedin.com/pulse/pecb-event-collaterals-isoiec-270012022-what-changes-peter-geelen/
Ramping up…
Relevant PECB Training courses
Relevant Training
Information Security
• PECB ISO/IEC 27001 LI (updated)
• PECB ISO/IEC 27001 LA
• PECB ISO/IEC 27002 LM (v2022)
CyberSecurity
• PECB ISO/IEC 27032 LI
CyberSecurity
• PECB Lead Cloud security Manager
Other Relevant Training
Incident Management
• PECB ISO/IEC 27035 LI
Risk Management
• PECB ISO/IEC 27005 LI
Appendix
Relevant Training
PECB ISO/IEC 27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-implementer
Lead Auditor
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor
Relevant Training
PECB ISO/IEC 27002
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
Lead Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002/iso-iec-27002-lead-manager
Relevant Training
PECB ISO/IEC 27005 - Risk Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
Lead Risk Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-27005-lead-risk-manager
Relevant Training
PECB ISO/IEC 27035 - Incident Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
Lead Incident Manager
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035/iso-iec-27035-lead-incident-manager
Relevant Training
PECB GDPR
https://pecb.com/en/education-and-certification-for-individuals/gdpr
CDPO
https://pecb.com/en/education-and-certification-for-individuals/gdpr/certified-data-protection-officer
Relevant Training
PECB ISO29100
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer
Lead Implementer
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer/iso-29100-lead-privacy-implementer
THANK YOU
Q&A
info@cyberminute.com CyberMinute
Stefan Mathuvis
stefan@qma.be
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Kürzlich hochgeladen (20)

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 

ISO/IEC 27001:2022 – What are the changes?

1. (title slide)

2. Agenda
• ISO/IEC 27001 & ISO/IEC 27002, catching up with history
• Quick recap on the ISO/IEC 27002:2022
• From ISO/IEC 27002 to the ISO/IEC 27001 updates
• Some considerations & consequences of the update
• Hints & tips
• What's up next with ISO/IEC 27001, in practice?
• Q & A

4. Peter Geelen (CyberMinute)
My experience
• 20+ years experience in security
• Enterprise Security & IAM
• Cybersecurity
• Data Protection & Privacy
• Incident management, Disaster Recovery
• Trainer, coach, auditor
Certification
• ISO27001 Master & Lead ISO27002
• ISO27701 Master
• Certified DPO & Fellow In Privacy
• Lead Incident Mgr & Disaster Recovery
• ISO27032 Sr. Lead Cybersecurity Mgr
• Lead ISO27005 (Risk Mgmt)
Accreditation
• Accredited Lead auditor ISMS/PIMS/QMS/BCMS
• Accredited Security Trainer
http://www.cyberminute.com
https://ffwd2.me/pgeelen
More info (LinkedIn):
peter@cyberminute.com

5. Stefan Mathuvis (QMA)
My experience
• 20 years experience in security
• Quality Management & Auditing
• DPO as a Service
• Cybersecurity
• Security, Data Protection & Privacy
• Trainer, coach, auditor
Certification
• ISO27001 Lead Auditor
• ISO9001 Lead Auditor
• Lead auditor TISAX
• Lead auditor GQS
• CDPO
• PECB trainer
Accreditation
• Accredited ISO27001 lead auditor
• Accredited 9001 Lead auditor
http://www.qma.be
https://ffwd2.me/stefan
More info (LinkedIn):
Stefan@qma.be

6. ISO/IEC 27001 & ISO/IEC 27002 – Catching up

7. The standard
• Certifiable international standard for information security best practices
• Main version 2013, with updates 2014, 2015 & 2017 (https://www.iso.org/standard/82875.html)
Consists of
• Management Clauses
• Normative controls Annex
ISO/IEC 27001

8. Management Clauses
• Based on Harmonized Structure (HS) / High Level Structure (HLS)
• Core principles of ISO 9001:2015
• PDCA Cycle
ISO/IEC 27001

9. Management Clauses
• Principle of continual improvement
• PDCA Cycle
ISO/IEC 27001

10. Management Clauses
• Principle of continual improvement
• PDCA Cycle
[Figure: successive Plan-Do-Check-Act cycles plotted as security improvement over time]
ISO/IEC 27001

11. Annex A (normative)
• "Normative" = part of requirements (ref. certification track)
• From the ISO/IEC 27001:2022 (ref. 2013): "The information security controls listed in Table A.1 are directly derived from and aligned with those listed in ISO/IEC 27002:2022[1], Clauses 5 to 8 and shall be used in context with 6.1.3."
ISO/IEC 27001

12. Annex A (normative) > link to Clause 6.1.3
ISO/IEC 27001

14. Annex A (normative)
• Annex = Security measures
• Security = PPT: People, Process & Technology
• In fact: (P)PPT -> Physical, People, Process & Technology
• Based on, extract from ISO/IEC 27002
• So, ISO first updated 27002:2013 to 2022…
ISO/IEC 27001

15. ISO/IEC 27002:2022 – Quick recap

16. More info
• PECB Webinar: ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know: https://pecb.com/past-webinars/isoiec-27001--isoiec-270022022-what-you-need-to-know
• PECB Magazine: How Does the New Revision of ISO/IEC 27002 Affect ISO/IEC 27001: https://insights.pecb.com/how-does-the-new-revision-of-iso-iec-27002-affect-iso-iec-27001/
ISO/IEC 27002:2022

17. Most important changes (*)
• Main structure change
  • From: operational security, functional organization (meaning A.5 > A.18)
  • To: PPPT (3PT)
    • Process & Policies (organizational) (A.5)
    • People (A.6)
    • Physical (A.7)
    • Technological (A.8)
ISO/IEC 27002:2022

18. Important to know
• From 114 (v2013) to 93 (v2022) controls
• But no controls removed
• Consolidation & updates of controls
• ISO/IEC 27002:2022 Annex B
  • Table B.1 mapping 2022 > 2013
  • Table B.2 mapping 2013 > 2022
• 11 new controls
ISO/IEC 27002:2022

19. New controls
• A.5.7: Threat intelligence (cyber/cloud/DP)
• A.5.23: Information security for cloud services (cloud)
• A.5.30: ICT readiness for business continuity (A.17)
• A.7.4: Physical security monitoring (physical)
• A.8.9: Configuration management (alignment ISO 20000)
• A.8.10: Information deletion (Data protection)
• A.8.11: Data masking (DP)
• A.8.12: Data leakage prevention (DP/Cyber)
• A.8.16: Monitoring activities (general)
• A.8.23: Web filtering (cyber)
• A.8.28: Secure coding (Cyber & Application security)
ISO/IEC 27002:2022

20. Did you notice…
• the change of language (more active language)
• the change in focus of audience (employee > staff)
• the broader approach & interpretation
• Not only information security but also more focus on
  • Cyber & cloud security
  • Data protection
  • Physical security
ISO/IEC 27002:2022

21. ISO/IEC 27001:2022 – From ISO/IEC 27002 to ISO/IEC 27001

22. Walkthrough of the changes
• Name change
• Document structure changes
• Key changes in main clause
• Language & content changes
ISO/IEC 27001:2022

23. It starts with the front page: name change
ISO/IEC 27001:2022

24. It starts with the front page: name change
ISO/IEC 27001:2022

25. Table of contents alignment (display level 3)
ISO/IEC 27001:2022

27. Foreword
• Alignment with ISO directive
• Cancels and replaces previous version (2nd edition) including all Technical corrigenda
  • 2014
  • 2015
  • 2017 (wrap up of previous corrigenda)
• Alignment with harmonized structure (Ref: 2021-05_Annex SL_Appendix_2_rev1.pdf)
ISO/IEC 27001:2022

28. Scope
"Excluding any of the requirements specified in Clauses 4 to 10 is not acceptable when an organization claims conformity to this document."
ISO/IEC 27001:2022

29. Terms and definitions
• 2013: only reference to ISO27000
  • For your information: free download of ISO27000 (v2018): https://standards.iso.org/ittf/PubliclyAvailableStandards/
• 2022: addition
  • ISO and IEC maintain terminology databases for use in standardization at the following addresses:
    • ISO Online browsing platform: available at https://www.iso.org/obp
    • IEC Electropedia: available at https://www.electropedia.org
ISO/IEC 27001:2022

30. Context of organisation
• Updated reference to ISO31000:2018
• 4.2 Interested parties (new)
  • c) which of these requirements will be addressed through the information security management system.
• 4.4 ISMS - increased focus on processes
  • The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document
ISO/IEC 27001:2022 clause 4

31. Planning (Risk management)
• 6.2 Information security objectives
  • 2 new sub items
    • d) be monitored;
    • g) be available as documented information.
• (NEW) 6.3: Planning of changes
  • When the organization determines the need for changes to the information security management system, the changes shall be carried out in a planned manner.
ISO/IEC 27001:2022 clause 6 (Planning)

32. Communication
• 7.4 Communication
  • Simplification of module
  • d) how to communicate.
  • e) removed
ISO/IEC 27001:2022 clause 7 (Support)

33. Operation – 8.1 Operational planning and control
ISO/IEC 27001:2022 clause 8 (Operation)

34. Operation – 8.1 Operational planning and control
• 2013: The organisation shall ensure that outsourced processes are determined and controlled
• 2022: The organization shall ensure that externally provided processes, products or services that are relevant to the information security management system are controlled
ISO/IEC 27001:2022 clause 8 (Operation)

35. Operation – 9.1 Monitoring, measurement, analysis and evaluation
• 2013:
  • The organization shall retain appropriate documented information as evidence of the monitoring and measurement results.
• 2022:
  • Documented information shall be available as evidence of the results.
  • The organization shall evaluate the information security performance and the effectiveness of the information security management system.
ISO/IEC 27001:2022 clause 9 (Performance evaluation)

36. 9.2 (Internal audit) & 9.3 (Management review)
• New structure 9.2 Internal audit
  • 2013: single chapter
  • 2022:
    • 9.2
    • 9.2.1: General
    • 9.2.2: Internal audit programme
ISO/IEC 27001:2022 clause 9 (Performance evaluation)

37. 9.2 (Internal audit) & 9.3 (Management review)
• New structure 9.3 Management review
  • 2013: single chapter
  • 2022:
    • 9.3
    • 9.3.1: General
    • 9.3.2: Management review input
    • 9.3.3: Management review results
ISO/IEC 27001:2022 clause 9 (Performance evaluation)

38. 10.1 (Continual improvement) & 10.2 (Non-conformity & corrective action)
• New structure (position switch) to comply with HS
ISO/IEC 27001:2022 clause 10 (Improvement)

40. Some considerations & consequences of the update
• More operational language (less passive)
• More focus on effective results & evidence
• Trying to minimize the "compliance check list" approach…
ISO/IEC 27001:2022

41. Some considerations & consequences of the update
• New structure of Annex / ISO/IEC 27002:2022
  • From 14 control groups and 114 controls (2013)
    • Logical / functional organisation matches most business organisations
  • To 5 control groups and 93 controls (2022)
    • Large groups
    • Disconnect from functional organisation
• Solution: ISO/IEC 27002:2022 - Annex A (informative)
  • Using attributes (to group the new controls the old way)
  • Tagging (Table A.1)
ISO/IEC 27001:2022

42. Using attributes (suggestions from the standard)
• Control types
  • #Preventive, #Detective, #Corrective
• Information security properties
  • #Confidentiality, #Integrity, #Availability
• Cybersecurity concepts (NIST)
  • #Identify, #Protect, #Detect, #Respond, #Recover
ISO/IEC 27001:2022 Attributes (p1/3)

43. Using attributes (suggestions from the standard)
• Operational capabilities (ISO27001:2013)
  • #Governance
  • #Asset_management
  • #Information_protection
  • #Human_resource_security
  • #Physical_security
  • #System_and_network_security
  • #Application_security
  • #Secure_configuration
  • #Identity_and_access_management
  • #Threat_and_vulnerability_management
  • #Continuity
  • #Supplier_relationships_security
  • #Legal_and_compliance
  • #Information_security_event_management
  • #Information_security_assurance
ISO/IEC 27001:2022 Attributes (p2/3)

44. Using attributes (suggestions from the standard)
• Security domains
  • #Governance_and_Ecosystem
  • #Protection
  • #Defence
  • #Resilience
ISO/IEC 27001:2022 Attributes (p3/3)

45. Using attributes (XLS)
ISO/IEC 27001:2022 Attributes

47. Hints & tips
• Most of the new control items should be in place already
  • Cloud
  • Cyber
  • Data protection (GDPR driver)
  • (Physical)
• Remap your existing SoA (using the table)
  • Control mapping tables in ISO27002
ISO/IEC 27001:2022
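The attribute vocabularies from slides 42 to 44 and the "remap your SoA" tip on slide 47, as an added example (not code from the slides, from PECB or from ISO): a small checker that validates the hashtags on each SoA row against those vocabularies, regroups the applicable controls by one attribute (the way the old functional grouping can be rebuilt), and lists attribute values no applicable control sits behind. The SoA rows and all of their tag values are constructed assumptions for illustration, not the attribute table of ISO/IEC 27002:2022 Annex A, and the attribute keys (control_type and so on) are my own names.

```python
"""Added example (not from the slides or ISO/IEC 27002): validate an SoA tagged
with the attribute hashtags the slides list, then regroup it by one attribute.
Control rows and their tag values below are constructed for illustration."""
from collections import defaultdict

CIA = {"#Confidentiality", "#Integrity", "#Availability"}
ATTRIBUTE_VOCAB = {  # vocabularies as listed on the slides (27002:2022 Annex A)
    "control_type": {"#Preventive", "#Detective", "#Corrective"},
    "security_property": set(CIA),
    "cybersecurity_concept": {"#Identify", "#Protect", "#Detect", "#Respond", "#Recover"},
    "operational_capability": {
        "#Governance", "#Asset_management", "#Information_protection",
        "#Human_resource_security", "#Physical_security", "#System_and_network_security",
        "#Application_security", "#Secure_configuration", "#Identity_and_access_management",
        "#Threat_and_vulnerability_management", "#Continuity",
        "#Supplier_relationships_security", "#Legal_and_compliance",
        "#Information_security_event_management", "#Information_security_assurance"},
    "security_domain": {"#Governance_and_Ecosystem", "#Protection", "#Defence", "#Resilience"},
}


def control(cid, name, applicable, ctype, concept, capability, domain, prop=CIA):
    """Build one SoA row. The tag values passed in are assumptions, not the standard's."""
    return {"id": cid, "name": name, "applicable": applicable,
            "tags": {"control_type": set(ctype), "security_property": set(prop),
                     "cybersecurity_concept": set(concept),
                     "operational_capability": set(capability),
                     "security_domain": set(domain)}}


# Constructed SoA extract: three of the new 2022 controls named on the slides.
SOA = [
    control("A.5.7", "Threat intelligence", True, {"#Preventive", "#Detective"},
            {"#Identify", "#Detect"}, {"#Threat_and_vulnerability_management"}, {"#Defence"}),
    control("A.7.4", "Physical security monitoring", False, {"#Detective"},
            {"#Protect", "#Detect"}, {"#Physical_security"}, {"#Protection", "#Defence"}),
    control("A.8.28", "Secure coding", True, {"#Preventive"}, {"#Protect"},
            {"#Application_security"}, {"#Protection"}),
]


def validate_control(entry):
    """Return tagging problems for one SoA row (empty list = clean)."""
    problems, tags = [], entry["tags"]
    for attr, vocab in ATTRIBUTE_VOCAB.items():
        values = tags.get(attr, set())
        if not values:  # every attribute needs at least one value
            problems.append(f"{entry['id']}: no {attr}")
        problems += [f"{entry['id']}: unknown {attr} {v}" for v in sorted(values - vocab)]
    problems += [f"{entry['id']}: unknown attribute {a}"
                 for a in sorted(set(tags) - set(ATTRIBUTE_VOCAB))]
    return problems


def validate_soa(soa):
    """Map control id -> problems, listing only rows that have any."""
    return {e["id"]: p for e in soa if (p := validate_control(e))}


def group_by(soa, attr, applicable_only=True):
    """Regroup controls by one attribute's values (a control can sit under several)."""
    groups = defaultdict(list)
    for e in soa:
        if applicable_only and not e["applicable"]:
            continue
        for v in e["tags"].get(attr, ()):
            groups[v].append(e["id"])
    return {v: sorted(ids) for v, ids in sorted(groups.items())}


def uncovered_values(soa, attr):
    """Attribute values with no applicable control behind them: review these
    against the risk assessment rather than accepting a silent gap."""
    return sorted(ATTRIBUTE_VOCAB[attr] - set(group_by(soa, attr)))
```

Running group_by(SOA, "operational_capability") over a full SoA gives the 2013-style functional view the slides describe; uncovered_values is where a justification for an excluded control should be checked.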
48. Hints & tips
• Physical monitoring vs cloud-only companies?
• Risk management
ISO/IEC 27001:2022

50. What's up next?
• Updates on audit procedures
  • Certification bodies
• Updates on related standards
  • ISO 27006 (Audit)
  • ISO 27032 (Cyber)
  • ISO 27701 (PIMS)
  • ISO 27035 (Incident management)
  • …
ISO/IEC 27001:2022

52. Reference material – PECB Webinars
• PECB Webinar: ISO/IEC 27001 & ISO/IEC 27002:2022: What you need to know
  • https://pecb.com/past-webinars/isoiec-27001--isoiec-270022022-what-you-need-to-know
• PECB Magazine: How Does the New Revision of ISO/IEC 27002 Affect ISO/IEC 27001
  • https://insights.pecb.com/how-does-the-new-revision-of-iso-iec-27002-affect-iso-iec-27001/

53. Reference material – PECB Webinars
• General link: https://pecb.com/en/webinars
• https://pecb.com/past-webinars
• Search for
  • ISO/IEC 27001
  • ISO/IEC 27002

54. Reference material – PECB Webinars - ISO27005
• 16th November 2022 - What's new in ISO27005:2022
• General link: https://pecb.com/en/webinars
• https://pecb.com/past-webinars
• Search for
  • 27001
  • 27002
  • 27005

55. Reference material
Other references, see LinkedIn page: https://www.linkedin.com/pulse/pecb-event-collaterals-isoiec-270012022-what-changes-peter-geelen/

56. Ramping up… Relevant PECB Training courses

57. Relevant Training
Information Security
• PECB ISO/IEC 27001 LI (updated)
• PECB ISO/IEC 27001 LA
• PECB ISO/IEC 27002 LM (v2022)
CyberSecurity
• PECB ISO/IEC 27032 LI CyberSecurity
• PECB Lead Cloud security Manager

58. Other Relevant Training
Incident Management
• PECB ISO/IEC 27035 LI
Risk Management
• PECB ISO/IEC 27005 LI

60. Relevant Training – PECB ISO/IEC 27001
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001
• Lead Implementer: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-implementer
• Lead Auditor: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27001/iso-iec-27001-lead-auditor

61. Relevant Training – PECB ISO/IEC 27002
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002
• Lead Manager: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27002/iso-iec-27002-lead-manager

62. Relevant Training – PECB ISO/IEC 27005 - Risk Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005
• Lead Risk Manager: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27005/iso-27005-lead-risk-manager

63. Relevant Training – PECB ISO/IEC 27035 - Incident Management
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035
• Lead Incident Manager: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27035/iso-iec-27035-lead-incident-manager

65. Relevant Training – PECB ISO29100
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer
• Lead Implementer: https://pecb.com/en/education-and-certification-for-individuals/iso-iec-29100-privacy-implementer/iso-29100-lead-privacy-implementer