The growing need for information security pushes organizations to concentrate their efforts on protecting their assets by implementing the security standards of the ISO 27000 series.
At the core of the ISO 27000 series lies ISO 27001. This is a requirements specification standard for a complete and fully functional Information Security Management System (ISMS). Its goal is to enable organizations to implement the necessary controls to maintain security-related risks to acceptable levels.
ISO 27002 is a companion standard in the ISO 27000 series. It serves as a “code of practice” for selecting security controls while implementing an ISMS and working towards compliance with ISO 27001.
The current version of the 27002 standard dates from 2013, but ISO has announced that a major update will be released later this year: 27002:2021, also known as FDIS 27002, where FDIS stands for “Final Draft International Standard”. If you want to learn more about ISO document stages, we cover them in more detail in another article: Understanding ISO document stages.
Within the new ISO framework, we expect to see a restructuring of the current controls. The familiar 14 control chapters are going away, and 4 consolidated chapters will serve as the base for all framework controls. Each control will be classified as one of the following:
The original total of 115 controls from Annex A has been reduced to 93, grouped into the 4 chapters mentioned above. Some controls have been merged and many of the remaining ones have been revised, and the new standard introduces 11 brand-new controls:
There is also one that will go away:
Each control will carry 5 characteristics (attributes) that make it possible to build alternative, filtered views of the control set, whatever medium is used to manage it: a database, a spreadsheet or an application. These characteristics are defined as:
No immediate changes will be necessary. Since ISO 27002 is merely a code of practice, it is not certifiable (that is where ISO 27001 comes in). Organizations will have to wait for ISO 27001 to be updated accordingly, which we expect to happen soon afterwards.
When that happens, organizations will still be able to (re)certify their ISMS against the 2013 version for a prolonged period, as ISO will provide a grace period for adapting to the new standard. However, companies should plan ahead, as they will need to update their ISMS before their next certification cycle.