ISO/IEC 27002:2022 Controls

ISO/IEC 27002:2022 Controls by Security Properties and Control Types
ISO/IEC 27002:2022 Controls by Cybersecurity Concepts and Security Domains

ISO/IEC 27002:2022 contains 93 distinct controls. Each control is placed in exactly one of four categories:
a) people, if they concern individual people;
b) physical, if they concern physical objects;
c) technological, if they concern technology;
d) otherwise they are categorized as organizational.

Control Taxonomy

Each control is also tagged with five attributes. Every attribute takes one or more values from a fixed vocabulary, and the values are written with a leading "#" so that they can be searched for in a document:

  • Control type: #Preventive, #Detective, #Corrective.
  • Information security properties: #Confidentiality, #Integrity, #Availability.
  • Cybersecurity concepts: #Identify, #Protect, #Detect, #Respond, #Recover.
  • Operational capabilities: the fifteen values listed below.
  • Security domains: #Governance_and_Ecosystem, #Protection, #Defence, #Resilience.

Operational Capabilities

  1. Governance
  2. Asset_management
  3. Information_protection
  4. Human_resource_security
  5. Physical_security
  6. System_and_network_security
  7. Application_security
  8. Secure_configuration
  9. Identity_and_access_management
  10. Threat_and_vulnerability_management
  11. Continuity
  12. Supplier_relationships_security
  13. Legal_and_compliance
  14. Information_security_event_management
  15. Information_security_assurance
#Information_security_assurance as an attribute of operational capabilities
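As an added example that is not part of this page or of the standard, the Python below models the attribute vocabulary described above, validates a control's tags against it (a misspelled value such as the one noted on this page is exactly what such a check catches, since a bad tag silently drops out of every search), filters controls that carry a given combination of tags, and builds the "controls by attribute" views that the linked pages present. The five vocabularies are the standard's; the control records are constructed for illustration, the EX-1 record is deliberately misspelled, and the tags given for the four real control identifiers should be checked against the standard's own tables before being relied on.

```python
"""Tag-based querying of ISO/IEC 27002:2022 control attributes.

Added example, not taken from the page or the standard. The attribute
vocabularies are the standard's; the sample control records are constructed
for illustration and should be verified against the standard's tables.
"""
from collections import defaultdict
from dataclasses import dataclass

# The five attribute vocabularies, with the '#' prefix the standard uses
# so that the values are searchable inside a document.
VOCABULARY = {
    "control_type": {"#Preventive", "#Detective", "#Corrective"},
    "properties": {"#Confidentiality", "#Integrity", "#Availability"},
    "concepts": {"#Identify", "#Protect", "#Detect", "#Respond", "#Recover"},
    "capabilities": {
        "#Governance", "#Asset_management", "#Information_protection",
        "#Human_resource_security", "#Physical_security",
        "#System_and_network_security", "#Application_security",
        "#Secure_configuration", "#Identity_and_access_management",
        "#Threat_and_vulnerability_management", "#Continuity",
        "#Supplier_relationships_security", "#Legal_and_compliance",
        "#Information_security_event_management",
        "#Information_security_assurance",
    },
    "domains": {"#Governance_and_Ecosystem", "#Protection",
                "#Defence", "#Resilience"},
}


@dataclass(frozen=True)
class Control:
    ident: str
    name: str
    category: str       # organizational / people / physical / technological
    tags: frozenset     # every attribute value attached to the control


def validate(control):
    """Return the control's tags that appear in no attribute vocabulary."""
    known = set().union(*VOCABULARY.values())
    return sorted(t for t in control.tags if t not in known)


def attribute_of(tag):
    """Name the attribute a tag belongs to, or raise for an unknown tag."""
    for attr, values in VOCABULARY.items():
        if tag in values:
            return attr
    raise ValueError(f"unknown attribute value {tag!r}")


def select(controls, *required):
    """Controls carrying every tag in `required` (AND semantics)."""
    need = set(required)
    return [c for c in controls if need <= c.tags]


def pivot(controls, attribute):
    """Map each value of one attribute to the control identifiers tagged
    with it: the 'controls by <attribute>' view, in input order."""
    table = defaultdict(list)
    for c in controls:
        for t in sorted(c.tags):
            if t in VOCABULARY[attribute]:
                table[t].append(c.ident)
    return dict(table)


# Constructed sample records (check the real ones against the standard).
# EX-1 is a hypothetical control whose capability tag is misspelled.
SAMPLE = [
    Control("5.1", "Policies for information security", "organizational",
            frozenset({"#Preventive", "#Confidentiality", "#Integrity",
                       "#Availability", "#Identify", "#Governance",
                       "#Governance_and_Ecosystem", "#Resilience"})),
    Control("8.8", "Management of technical vulnerabilities", "technological",
            frozenset({"#Preventive", "#Confidentiality", "#Integrity",
                       "#Availability", "#Identify", "#Protect",
                       "#Threat_and_vulnerability_management",
                       "#Governance_and_Ecosystem", "#Protection", "#Defence"})),
    Control("8.13", "Information backup", "technological",
            frozenset({"#Corrective", "#Integrity", "#Availability", "#Recover",
                       "#Continuity", "#Protection"})),
    Control("8.16", "Monitoring activities", "technological",
            frozenset({"#Detective", "#Corrective", "#Confidentiality",
                       "#Integrity", "#Availability", "#Detect", "#Respond",
                       "#Information_security_event_management", "#Defence"})),
    Control("EX-1", "Hypothetical control with a typo", "organizational",
            frozenset({"#Preventive", "#Integrity", "#Protect",
                       "#Information_security_assurence", "#Protection"})),
]

if __name__ == "__main__":
    for c in SAMPLE:
        bad = validate(c)
        if bad:
            print(f"{c.ident}: unknown attribute values {bad}")
    print("Corrective + Availability:",
          [c.ident for c in select(SAMPLE, "#Corrective", "#Availability")])
    print("By control type:", pivot(SAMPLE, "control_type"))
```

The validation step is the useful part in practice: a tag that does not match the vocabulary exactly (wrong spelling, wrong case, missing underscore) is never wrong in an obvious way, it is simply absent from every search and every pivot, which is how a typo in an attribute value goes unnoticed.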

Typo Corrected

The typo in #Information_security_assurance under control 5.22 was corrected on March 24, 2022.
