{"title":"Spremembe, ki jih prinašajo nove različice v družini standardov za informacijsko varnost ISO/IEC 27000","authors":"Brezavšček Alenka, Vidmar Doroteja","doi":"10.18690/um.fov.3.2023.15","DOIUrl":null,"url":null,"abstract":"The family of standards ISO /IEC 27000 represents the most comprehensive series of standards in the field of information security. Their advantage is their general applicability, as they can be implemented quickly and efficiently in any organisation, regardless of its sector or size. The ISO /IEC 27000 family provides organisations with a practical and established framework for information security assessment and certification. As a result, the use of these standards in practise is widespread globally. In 2022, the ISO /IEC 27000 family underwent significant changes, with two of the most important standards receiving new versions. A new version of ISO /IEC 27002 was published in February 2022, and ISO /IEC 27001 in October 2022. The revisions are very important for organisations implementing the requirements of the standards as part of information security management. The aim of this paper is to provide a comprehensive overview of the changes introduced by the new versions ISO /IEC 27001:2022 and ISO /IEC 27002:2022 compared to the 2013 versions. We found that most of the changes were made to Annex A of the ISO /IEC 27001, which required a completely new structure for the ISO /IEC 27002. 
We have briefly summarized the impact of these changes on organizations applying these standards in their business operations.","PeriodicalId":447088,"journal":{"name":"42nd International Conference on Organizational Science Development","volume":"268 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"1900-01-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"42nd International Conference on Organizational Science Development","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.18690/um.fov.3.2023.15","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Citation count: 0
Abstract
The ISO/IEC 27000 family of standards represents the most comprehensive series of standards in the field of information security. Their advantage is their general applicability, as they can be implemented quickly and efficiently in any organisation, regardless of its sector or size. The ISO/IEC 27000 family provides organisations with a practical and established framework for information security assessment and certification. As a result, the use of these standards in practice is widespread globally. In 2022, the ISO/IEC 27000 family underwent significant changes, with two of the most important standards receiving new versions. A new version of ISO/IEC 27002 was published in February 2022, and a new version of ISO/IEC 27001 in October 2022. The revisions are very important for organisations implementing the requirements of the standards as part of information security management. The aim of this paper is to provide a comprehensive overview of the changes introduced by the new versions ISO/IEC 27001:2022 and ISO/IEC 27002:2022 compared to the 2013 versions. We found that most of the changes were made to Annex A of ISO/IEC 27001, which required a completely new structure for ISO/IEC 27002. We have briefly summarised the impact of these changes on organisations applying these standards in their business operations.