A brief, specific recommendation for implementation.
A statement of what the organization should achieve. ISO/IEC 27002:2013
Reporting and learning from security events. A brief, specific recommendation for implementation
ISO/IEC 27002:2013: A Comprehensive Code of Practice for Information Security Controls etc.) New Domains Contextual details
In February 2022, a major update was released. While the 2013 version remains a common reference point for legacy systems, organizations are increasingly transitioning to the 2022 edition. ISO/IEC 27002:2013 ISO/IEC 27002:2022 114 controls 93 controls (due to merging) Organization 14 domains 4 themes: Organizational, People, Physical, Technological Key Addition Control Objectives "Attributes" (tags for risk, type, etc.) New Domains
Contextual details, such as legal considerations or links to other standards.