
ISO/IEC 27002 is a guidance document. It is designed to be used as a reference for selecting controls when implementing an Information Security Management System (ISMS) based on ISO/IEC 27001, or as a guidebook for organizations implementing commonly accepted information security controls. The current ISO/IEC 27002:2013 edition has been under review by ISO/IEC JTC 1/SC 27 since last year and is currently at the DIS (Draft International Standard) stage. While some controls remain unchanged, there are significant changes to the control layout and to other controls. Since Annex A of ISO/IEC 27001:2013 is designed to align with ISO/IEC 27002, it is expected that Annex A of ISO/IEC 27001 will be revised as well once ISO/IEC 27002 is finalized.

You can download the article that highlights the key changes in the DIS as compared to the ISO/IEC 27002:2013 edition. Readers are reminded that the DIS is still under review, and the FDIS (Final Draft International Standard) or the final published standard may still differ from the DIS. It is not the purpose of this article to explain or justify the changes.