Detailed instructions on the practical steps needed to satisfy the control.
Added controls for Cloud Services, Threat Intelligence, and Secure Coding 4. Strategic Value
Contextual details, such as legal considerations or links to other standards. ISO/IEC 27002:2013
Protecting against malware, data loss, and technical vulnerabilities.
In February 2022, a major update was released. While the 2013 version remains a common reference point for legacy systems, organizations are increasingly transitioning to the 2022 edition. ISO/IEC 27002:2013 ISO/IEC 27002:2022 114 controls 93 controls (due to merging) Organization 14 domains 4 themes: Organizational, People, Physical, Technological Key Addition Control Objectives "Attributes" (tags for risk, type, etc.) New Domains Detailed instructions on the practical steps needed to
Network security and information transfer.
The 2013 version of the standard is organized into , which collectively contain 35 control objectives and 114 specific controls . Core Control Domains: Protecting against malware
Proper use of encryption and key management.