Argana Consulting GmbH 
Let's rather talk about how to solve the problems.

The ISO/IEC 27000 series 

The ISO/IEC 27000 series is a collection of standards and best practices for the information security management system (ISMS) published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). The aim of these standards is to help organisations to implement and maintain an effective information security management system (ISMS).

The ISO/IEC 27000 series comprises a range of standards that relate to various aspects of information security management. The most important standard in this series is ISO/IEC 27001, which defines the requirements for an ISMS and provides a framework for its implementation. Other standards in this series include ISO/IEC 27002, which provides best practices for information security controls, and ISO/IEC 27005, which provides a methodology for risk management of information security systems.

By applying the ISO/IEC 27000 series, organisations can improve their information security practices and increase the trust of customers, partners and other stakeholders in the protection of confidential information.


The ISO/IEC 27000 family (excerpt)
ISO/IEC 27000 refers to the entire 27000 series of standards and is not a single specific document. This series of standards consists of normative and informative standards.

The normative standard is a guideline with binding specifications. Whether and which parts of a normative standard are binding for an organisation depends on the applicability and the scope of application.

The informative standard is a guideline with non-binding, descriptive or explanatory information and often has a recommendatory or explanatory character.




Current version ISO/IEC 27001:2022

The current version, ISO/IEC 27001:2022, is more than just a facelift: it has been thoroughly reworked and defines general security measures in line with the state of the art. The previous measures have been grouped into four categories and consolidated where appropriate.


The updated standard introduces 37 ‘new terms’, some of which have been taken from other standards (e.g. ISO/IEC 9000, 15489, 22301, 27301, 27035, 27050, 29100, 29134, 30000, 31000). For the first time, abbreviations are also listed, a total of 33, which makes the 2022 edition even more extensive.

The standard takes into account new trends and changes in the risk situation. Not only have new measures been introduced, but new or extended requirements have also been added to the existing measures. A total of 11 of the 93 measures are new. In particular, the prevention and detection of, and response to, cyber attacks, as well as data protection, are becoming increasingly important.


Structure of the ISO/IEC 27001:2022 standard
  • ISO/IEC 27001:2013: 113 measures
  • ISO/IEC 27001:2022: 93 measures in Annex A

While the previous version contained 14 chapters, there are now only four:
  • Organisational controls/measures (37 measures)
  • People controls/measures (8 measures)
  • Physical controls/measures (14 measures)
  • Technological controls/measures (34 measures)

In addition, the objectives of the measures are now explicitly defined, and additional attributes are listed that provide further information, e.g. on the mode of action of a measure.


New measures - Annex A
Annex A of the new version, ISO/IEC 27001:2022, now includes 93 measures, of which the following 11 have been newly introduced:
  • Organisational control A.5.7 Threat intelligence
  • Organisational control A.5.23 Information security for the use of cloud services
  • Organisational control A.5.30 ICT readiness for business continuity
  • Physical control A.7.4 Physical security monitoring
  • Technological control A.8.9 Configuration management
  • Technological control A.8.10 Deletion of information
  • Technological control A.8.11 Data masking
  • Technological control A.8.12 Prevention of data leakage
  • Technological control A.8.16 Monitoring of activities
  • Technological control A.8.23 Web filtering
  • Technological control A.8.28 Secure coding


ISO, International Organization for Standardization: https://www.iso.org/home.html