Protecting against malware, data loss, and technical vulnerabilities.
Management direction for security.
For each individual control, the standard provides a consistent layout to ensure clarity for security managers: ISO/IEC 27002:2013
Managing third-party risks.
A statement of what the organization should achieve. Protecting against malware
In February 2022, a major update was released. While the 2013 version remains a common reference point for legacy systems, organizations are increasingly transitioning to the 2022 edition. ISO/IEC 27002:2013 ISO/IEC 27002:2022 114 controls 93 controls (due to merging) Organization 14 domains 4 themes: Organizational, People, Physical, Technological Key Addition Control Objectives "Attributes" (tags for risk, type, etc.) New Domains
Security during crises and disruptions.
A brief, specific recommendation for implementation.