ISO 27001: ANALYSIS OF CHANGES AND COMPLIANCE FEATURES OF THE NEW VERSION OF THE STANDARD

Yevhenii Kurii, I. Opirskyy
{"title":"ISO 27001: ANALYSIS OF CHANGES AND COMPLIANCE FEATURES OF THE NEW VERSION OF THE STANDARD","authors":"Yevhenii Kurii, I. Opirskyy","doi":"10.28925/2663-4023.2023.19.4655","DOIUrl":null,"url":null,"abstract":"Managing information security in the organization may be a daunting task, especially considering that it may encompass many areas from physical and network security to human resources security and management of suppliers. This is where security frameworks come in handy and put formality into the process of the design and implementation of the security strategy. While there are a bunch of different information security frameworks out in the wild, the most commonly-found and preferred by security professionals worldwide is ISO/IEC 27001. It combines both the quite comprehensive set of security controls to cover the most important security areas and wide applicability which allows applying this framework to all kinds of organizations. While cyberspace is constantly changing, companies should also adapt their approaches to the organization of information security processes. In order to respond to new challenges and threats to cyber security, the International Organization for Standardization (ISO) at the end of 2022 has published an updated version of the ISO/IEC 27001:2022 standard, which from now on should be taken into account by all organizations that aim to implement and certify its information security management system (ISMS). The purpose of this article is to provide a brief overview of the new edition of the popular standard, фтв describe the key changes in the structure and description of security controls; as well as develop recommendations for achieving compliance with the requirements of the updated version of the standard.","PeriodicalId":198390,"journal":{"name":"Cybersecurity: Education, Science, Technique","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Cybersecurity: Education, Science, Technique","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.28925/2663-4023.2023.19.4655","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 0

Abstract

Managing information security in the organization may be a daunting task, especially considering that it may encompass many areas from physical and network security to human resources security and management of suppliers. This is where security frameworks come in handy and put formality into the process of the design and implementation of the security strategy. While there are a bunch of different information security frameworks out in the wild, the most commonly-found and preferred by security professionals worldwide is ISO/IEC 27001. It combines both the quite comprehensive set of security controls to cover the most important security areas and wide applicability which allows applying this framework to all kinds of organizations. While cyberspace is constantly changing, companies should also adapt their approaches to the organization of information security processes. In order to respond to new challenges and threats to cyber security, the International Organization for Standardization (ISO) at the end of 2022 has published an updated version of the ISO/IEC 27001:2022 standard, which from now on should be taken into account by all organizations that aim to implement and certify its information security management system (ISMS). The purpose of this article is to provide a brief overview of the new edition of the popular standard, фтв describe the key changes in the structure and description of security controls; as well as develop recommendations for achieving compliance with the requirements of the updated version of the standard.
Iso 27001:分析新版标准的变化和符合性特征
管理组织中的信息安全可能是一项艰巨的任务,特别是考虑到它可能包含从物理和网络安全到人力资源安全和供应商管理的许多领域。这就是安全框架派上用场的地方,它使安全策略的设计和实现过程变得正式。虽然目前有很多不同的信息安全框架,但全球安全专业人员最常用和最喜欢的是ISO/IEC 27001。它结合了相当全面的安全控制集,涵盖了最重要的安全领域,并且具有广泛的适用性,允许将该框架应用于所有类型的组织。随着网络空间的不断变化,公司也应该调整他们的方法来组织信息安全流程。为了应对网络安全面临的新挑战和威胁,国际标准化组织(ISO)于2022年底发布了ISO/IEC 27001:2022标准的更新版本,从现在开始,所有旨在实施和认证其信息安全管理体系(ISMS)的组织都应考虑到这一标准。本文的目的是简要概述新版本的流行标准,фтв描述安全控制的结构和描述中的关键变化;并提出符合标准更新版本要求的建议。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
求助全文
约1分钟内获得全文 求助全文
来源期刊
自引率
0.00%
发文量
0
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
确定
请完成安全验证×
copy
已复制链接
快去分享给好友吧!
我知道了
右上角分享
点击右上角分享
0
联系我们:info@booksci.cn Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。 Copyright © 2023 布克学术 All rights reserved.
京ICP备2023020795号-1
ghs 京公网安备 11010802042870号
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术官方微信