The upcoming version, ISO 27002:2021, brings many new elements, both in substance and in form. These changes will not be without consequences for CISOs. They echo the proliferation of standards observed in recent years and deserve in-depth analysis.

1 - Introduction

In 2021, the flagship framework for information security measures, Annex A of ISO 27001, is evolving, continuing the journey begun with its original version in 1995. Annex A adapts and offers a new approach to the challenging issue of implementing "cross-functional and efficient" security management.

The 2013 version brought a new distribution of content, notably by incorporating cryptography and supplier relationships into specific security topics. Its upcoming version, ISO 27002:2021, also introduces a range of new elements, both in substance and in form. Many changes, already visible in the draft, will have implications for CISOs. They reflect the growing number of standards observed in recent years and warrant a thorough analysis.

2 - The Constants: 2013 > 2017 > 2021

...
