
Changes in the audit of controls according to the new version of ISO/IEC 27002:2022

Theses and dissertations defended at the University of Economics, Prague are freely available online: https://knihovna.vse.cz/navody/vskp

  • Title: Changes in the audit of controls according to the new version of ISO/IEC 27002:2022
  • Author: Milosavljevic, Nikola
  • Subjects: Information security ; ISMS ; ISO/IEC 27001 ; ISO/IEC 27002 ; IT Audits
  • Description: The standard ISO/IEC 27002 was revised, and a new version was published in 2022, changing the list of information security controls given in the standard. Due to this revision, the certification audit process for ISO/IEC 27001 certification will be impacted. The primary goal of this paper is to analyse the newly introduced controls and their impact on the certification audit process against ISO/IEC 27001. The paper starts with an overview of the ISO 27000 family and its main standards and of the changes introduced in the new versions of both ISO/IEC 27001 and ISO/IEC 27002, followed by an overview of the theory behind audits and information security audits. All new controls from ISO/IEC 27002 are described and discussed in terms of risks, controls, and testing steps. For each of these controls, a risk control matrix (RCM) is developed and presented in the paper. The developed RCMs are demonstrated through a case study of an example company, describing how the new controls will impact that company and what evidence will have to be collected to provide assurance that the new controls are designed and operating effectively.
  • Publisher: Vysoká škola ekonomická v Praze
  • Creation Date: 2023
  • Language: English
  • Source: Databáze VŠKP
