ISO 27001:2022

The new version of ISO 27001 will be released sometime in Q4 2022.

Major changes will be:

  1. Clauses 4 to 10 are not changing

“ISO/IEC 27001:2022” sections:

| ISO 27001:2022 | ISO 27001:2013 equivalent |
| --- | --- |
| A.5.7 Threat intelligence | A.6.1.4 Contact with special interest groups |
| A.5.16 Identity management | A.9.2.1 User registration and de-registration |
| A.5.23 Information security for use of cloud services | A.15.x Supplier relationships |
| A.5.29 Information security during disruption | A.17.1.x Information security continuity |
| A.5.30 ICT readiness for business continuity | A.17.1.3 Verify, review and evaluate information security continuity |
| A.7.4 Physical security monitoring | A.9.2.5 Review of user access rights |
| A.8.9 Configuration management | A.14.2.5 Secure system engineering principles |
| A.8.10 Information deletion | A.18.1.3 Protection of records |
| A.8.11 Data masking | A.14.3.1 Protection of test data |
| A.8.12 Data leakage prevention | A.12.6.1 Management of technical vulnerabilities |
| A.8.16 Monitoring activities | A.12.4.x Logging and monitoring |
| A.8.23 Web filtering | A.13.1.2 Security of network services |
| A.8.28 Secure coding | A.14.2.1 Secure development policy |

  • A.5.7 Threat intelligence — This control requires organizations to collect and analyze information about threats and mitigate them appropriately. Types of information could include data about specific attacks, methods the attackers are using, and types of attacks. Information should be gathered internally, and from external sources such as vendor reports, government bodies, and industry announcements.
