On 28 Jan 2021, new format of ISO/IEC DIS 27002 (Information security, cybersecurity and privacy protection – Information security controls) is available and released that it has been technically revised. This third edition mainly focus and suit with the emerging and marketing trends in information technology of cybersecurity and privacy protection.
ISO/IEC 27002 recommends information security controls addressing information security control objectives arising from risks to the confidentiality, integrity and availability of information.
➤ The phrase “Code of Practice” has been dropped from the title of this document to better reflect its purpose of being a reference set of information security controls.
➤ The structure of the document has been updated and amended to avoid overlaps and duplications, presenting the controls using a simple taxonomy and associated attributes.
➤ Some controls have been merged, some deleted and several new controls have been introduced.