An In-Depth Guide to the 11 New ISO 27001 Controls

An effective defense against these threats requires a consistent and comprehensive security posture like the one outlined in the ISO 27001 standard.
As daunting as these threats seem, up to 80% can be stopped by adopting security controls.
The last major update, in 2022, introduced eleven new controls designed to keep businesses and their data safer.
Let's examine what these controls involve and why they're essential for information security management systems.
ISO 27001 represents the international benchmark for managing information security systems.
ISO 27001 defines the essential requirements for any organization that takes a systematized approach to data protection and cybersecurity.
ISO 27001 provides guidelines for leadership, planning, support, operational implementation, performance evaluation, and continual improvement, but the most detailed requirements of the standard are the controls listed in a section called Annex A. The standard originally contained 114 different controls organized into fourteen domains, covering fourteen critical areas of information security.
ISO 27001 - Annex A Information security policies Organization of information security Human resource security Asset management Access control Cryptography Physical and environmental security Operations security Communications security System acquisition, development, and maintenance Supplier relationships Information security incident management Information security aspects of business continuity management Compliance.
Not every organization needs to adopt all of the controls.
A related standard, ISO 27002, provides information about implementing these controls.
By identifying the controls relevant to their operations and implementing them, organizations can build a comprehensive, optimized system for detecting and managing cyber threats.
Being able to highlight your security controls and ISO 27001 certification also demonstrates your commitment to strong cybersecurity practices-and their continual improvement-to customers, business partners, and other stakeholders, helping you maintain a positive reputation.
Finally, even in the unfortunate event that a cyberattack does impact your organization, ISO 27001 controls can mitigate the damage and get you back to normal operations as quickly as possible.
The most significant changes have to do with the Annex A controls.
The control structure was revised, the fourteen domains were grouped into four categories, some of the original 114 controls were merged together, and eleven new controls were added, bringing the new total to 93.
If an assessment of your organization determines that you have the relevant risk factors, these controls can provide concrete steps toward safeguarding yourself.
Successful implementation of this and other controls depends on organizational staff being able to recognize threats and respond appropriately.
Training platforms like CybeReady can be one of the best ways to educate staff on their roles in optimizing the efficacy of ISO 27001 controls.
Because cloud data is not under the direct physical control of the organization, strong policies and user training are critical for ensuring data integrity.
Adopting ISO 27001 controls or preparing for a certification audit necessitates comprehensive education and training across the organization, which is essential for successful implementation.


This Cyber News was published on securityboulevard.com. Publication date: Tue, 30 Jan 2024 01:43:04 +0000


Cyber News related to An In-Depth Guide to the 11 New ISO 27001 Controls

An In-Depth Guide to the 11 New ISO 27001 Controls - An effective defense against these threats requires a consistent and comprehensive security posture like the one outlined in the ISO 27001 standard. As daunting as these threats seem, up to 80% can be stopped by adopting security controls. The last ...
10 months ago Securityboulevard.com
CVE-2019-6675 - BIG-IP configurations using Active Directory, LDAP, or Client Certificate LDAP for management authentication with multiple servers are exposed to a vulnerability which allows an authentication bypass. This can result in a complete compromise of the ...
5 years ago
Cybersecurity Standards vs Procedures vs Controls vs Policies - Four interrelated terms used in cybersecurity are Policies, Procedures, Standards, Guidelines, and Controls. Policies are at the top, Standards and Guidelines add detail to policies, Controls are the measured outcome of standards in use, and ...
10 months ago Securityboulevard.com
How to Set Up Internet Parental Controls - Setting up internet parental controls is a great way to reduce the risk of your child viewing inappropriate content on the web. Parental controls are available on most major internet-enabled devices. Parental controls can prevent and filter a variety ...
1 year ago Pandasecurity.com
TISAX: new Catalogue ISA v6 available - ISA 6: The latest version of the ISA catalogue, published in October 2023, with many changes and improvements to address the challenges and needs of the industry. Key changes in ISA 6: New and revised controls to strengthen protection, detection, ...
1 year ago Sorinmustaca.com
New NCCoE Guide Helps Major Industries Observe Incoming Data While Using Latest Internet Security Protocol - PRESS RELEASE. Companies in major industries such as finance and health care must follow best practices for monitoring incoming data for cyberattacks. The latest internet security protocol, known as TLS 1.3, provides state-of-the-art protection, but ...
10 months ago Darkreading.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
Essential Security Certifications for Consumer Mobile Devices: A Comprehensive Guide - In an era dominated by mobile technology, ensuring the security of consumer mobile devices has become paramount. Various certifications play a crucial role in establishing the trustworthiness of these devices, assuring users that their personal data ...
10 months ago Cybersecurity-insiders.com
New Microsoft Incident Response team guide shares best practices for security teams and leaders - The incident response process can be a maze that security professionals must quickly learn to navigate-which is no easy task. Surprisingly, many organizations still lack a coordinated incident response plan, and even fewer consistently apply it. ...
1 year ago Microsoft.com
ImmuniWeb is now ISO 9001 certified - According to the International Organization for Standardization, implementation of ISO 9001 means that the certified organization has put in place effective processes and trained staff to deliver flawless products or services time after time. Today, ...
1 year ago Helpnetsecurity.com
Defending Against AI-Based Cyber Attacks: A Comprehensive Guide - As attackers begin to use AI to automate and improve their tactics, defenders are forced to adapt and develop effective measures to protect their data. Exploit development: AI can automatically generate and tailor exploits to specific ...
1 year ago Securityboulevard.com
NASA launches cybersecurity guide for space industry - NASA has published its first Space Security Best Practices Guide, a 57-page document the agency said would help enhance cybersecurity for future space missions. Concerns about the dangers hackers pose to satellite networks and other space initiatives ...
11 months ago Packetstormsecurity.com
How Can Data Breach Be A Trouble For Your Industry? - To navigate an era of cyber risks, this unsettling reality necessitates a renewed focus on data integrity protection and digital asset protection. In this blog, we will discuss a data breach in the Hospitality industry. Some of the companies like MGM ...
11 months ago Securityboulevard.com
Week in review: 10 must-read cybersecurity books, AnyDesk hack, Patch Tuesday forecast - How CISOs navigate policies and access across enterprisesIn this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and access controls in a ...
10 months ago Helpnetsecurity.com
CISA Unveils Healthcare Cybersecurity Guide - The US Cybersecurity and Infrastructure Security Agency has released a Mitigation Guide specifically tailored for the Healthcare and Public Health sector. The new guide outlines defensive mitigation strategies and best practices to counteract ...
1 year ago Infosecurity-magazine.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)