What is ISO/IEC 27002:2022? What is the purpose and the structure of this standard? All explained | RIGCERT | YouTubeToText
Summary
ISO 27002:2022 is a revised international standard providing guidance on implementing information security, cybersecurity, and privacy controls. The third edition significantly restructures the controls, reducing their number and categorizing them into four main areas, each with associated attributes for filtering and application.
Video Transcript
Let's see some more information about ISO 27002. I have explained what this standard is, namely a guidance standard designed to be used by companies, by organizations of all types and sizes, as a reference for determining and for implementing information security, cybersecurity and privacy controls.

This is not the first edition of the standard; it is the third one. The first edition of ISO 27002 was published in 2005. Then the standard was revised and the new edition came out in 2013. Today, as I'm creating this online course, the third edition of the standard has not been published yet. I am actually using the final draft of the international standard, but it is expected that in the first part of 2022 we will have the new edition of ISO 27002 published.

If you are familiar with the previous edition of the standard, the one from 2013, then you will see that there are some changes. Some new controls have been introduced, some of the controls in the previous edition have been merged, some of them have been eliminated. Instead of having 114 security controls divided into 14 categories, which is what we had in the 2013 edition of the standard, now we only have 93 controls divided into four categories. This process of revising standards periodically is a normal one; it is intended to ensure that the standards remain up to date and that they follow the latest developments.

What is the purpose of this standard? As I said, it can be used in the context of an information security management system according to ISO 27001. It can also be used by an organization that is not necessarily looking to implement an ISMS but only wants to apply some information security controls based on internationally recognized best practices. And also, this standard can serve as a starting point for a company that wants to develop its own information

About the structure of ISO 27002: we have four categories of controls. Organizational controls, there are 37 of them; people controls, 8; physical controls, 14; and technological controls, 34. A total of 93 controls, as I said. Those categories are

Each security control is associated with a number of attributes, as you can see in this table. By type, a control can be preventive, meaning that the control acts before a threat occurs; it can be a detective control that acts when a threat occurs; or it can be a corrective control that acts after a threat occurs. A security control can be only preventive or detective or corrective, or it can have at the same time multiple attributes associated with its type. To give you an example, we have a control that refers to the disciplinary process that should exist and that should be applied in case an employee commits a violation of security policies. This is of course a corrective control, but it is at the same time a preventive control, because the disciplinary process should act as a deterrent to prevent personnel from violating the company's policies and procedures.

The next category of attributes: information security properties. Each control is intended to preserve one or more characteristics of information security, meaning confidentiality, integrity and availability. Cybersecurity concepts is another category, where we have five attributes: identify, protect, detect, respond and recover. Operational capabilities attributes are more, 15 exactly: governance, asset management, information protection, human resource security, physical security, system and network security, application security, secure configuration, identity and access management, threat and vulnerability management, continuity, supplier relationship security, legal and compliance, information security event management, and information security assurance. And finally, the last category of attributes, security domains, will categorize controls from the perspective of information security fields, expertise, services and products, and the attributes here are governance and ecosystem, protection, defense and resilience.

So for each of the 93 controls, when I will be presenting a control, I will also give you the attributes. We have a table at the end of the standard, Table A.1. This is a matrix of controls and attribute values; you have there all the controls in ISO 27002 and the associated attributes for each one of them. The table I have attached as a supplementary resource to this video, so you can download it. The idea with those attributes is that you can filter the controls based on the attributes. For example, you can filter to see which security controls are aimed to preserve the integrity of information, or which controls are, let's say, preventive controls.

It should be noted that not all controls apply to all organizations. There are companies with no software development, for example, so the controls that refer to software development do not apply in their case. Other companies do not use cryptography, they do not generate cryptographic keys, so the respective controls do not apply. At the same time, it is perfectly acceptable for an organization to develop and to apply supplementary controls to those in the standard if the company considers that the ones in ISO 27002 are not sufficient for its needs.

Good. So I think this is enough with the introductive part. From the next video we will begin discussing the security controls in ISO 27002, and I will follow the structure of the standard, meaning that we will begin with the organizational controls. This is the first theme. We have 37 controls in this category and the first of them is called policies for
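The attribute scheme the transcript describes (five attribute categories, each with a fixed set of values, and a matrix of controls against those values) is what makes the "filter to see which controls are preventive, or which preserve integrity" use case possible. The following Python is an added example, not part of the course or the standard: it encodes the attribute taxonomy exactly as listed above, validates that a catalogue entry uses only known values and has a value in every category (a typo in a home-grown Table A.1 spreadsheet otherwise silently drops a control from every filter), and filters controls by any combination of attribute values. The four control entries are constructed samples with illustrative attribute values; only the disciplinary-process control's type (preventive and corrective) is taken from the transcript, and none of the names or values are the standard's own numbering or assignments.

```python
"""Toy control catalogue using the attribute scheme of ISO/IEC 27002:2022.

Added example. The taxonomy matches the transcript's list of attributes; the
control entries are CONSTRUCTED samples, not Table A.1 of the standard.
"""
from dataclasses import dataclass
from typing import Iterable

# The five attribute categories and their allowed values, as listed in the video.
CONTROL_TYPES = frozenset({"preventive", "detective", "corrective"})
SECURITY_PROPERTIES = frozenset({"confidentiality", "integrity", "availability"})
CYBERSECURITY_CONCEPTS = frozenset({"identify", "protect", "detect", "respond", "recover"})
OPERATIONAL_CAPABILITIES = frozenset({
    "governance", "asset_management", "information_protection",
    "human_resource_security", "physical_security", "system_and_network_security",
    "application_security", "secure_configuration", "identity_and_access_management",
    "threat_and_vulnerability_management", "continuity",
    "supplier_relationships_security", "legal_and_compliance",
    "information_security_event_management", "information_security_assurance",
})
SECURITY_DOMAINS = frozenset({"governance_and_ecosystem", "protection", "defense", "resilience"})
THEMES = frozenset({"organizational", "people", "physical", "technological"})

TAXONOMY = {
    "control_type": CONTROL_TYPES,
    "security_property": SECURITY_PROPERTIES,
    "cybersecurity_concept": CYBERSECURITY_CONCEPTS,
    "operational_capability": OPERATIONAL_CAPABILITIES,
    "security_domain": SECURITY_DOMAINS,
}


@dataclass
class Control:
    name: str
    theme: str
    attributes: dict  # attribute category -> frozenset of values


def validate(control: Control) -> list:
    """Return a list of problems; empty means the entry is consistent with the
    taxonomy: known theme, every category present with at least one value, and
    every value drawn from the allowed set for that category."""
    errors = []
    if control.theme not in THEMES:
        errors.append(f"{control.name}: unknown theme {control.theme!r}")
    for category, allowed in TAXONOMY.items():
        values = control.attributes.get(category, frozenset())
        if not values:
            errors.append(f"{control.name}: no {category} value")
        for value in sorted(set(values) - allowed):
            errors.append(f"{control.name}: unknown {category} value {value!r}")
    return errors


def filter_controls(controls: Iterable[Control], **criteria: str) -> list:
    """Names of controls carrying every requested attribute value, e.g.
    filter_controls(cat, control_type="preventive", security_property="integrity").
    A category or value outside the taxonomy raises ValueError rather than
    returning an empty (and misleading) result."""
    for category, value in criteria.items():
        if category not in TAXONOMY:
            raise ValueError(f"unknown attribute category {category!r}")
        if value not in TAXONOMY[category]:
            raise ValueError(f"unknown {category} value {value!r}")
    return [
        c.name for c in controls
        if all(value in c.attributes.get(category, ()) for category, value in criteria.items())
    ]


def sample_catalogue() -> list:
    """CONSTRUCTED entries for demonstration; attribute values are illustrative."""
    cia = frozenset({"confidentiality", "integrity", "availability"})
    return [
        # The transcript's own example: corrective, and preventive as a deterrent.
        Control("Disciplinary process", "people", {
            "control_type": frozenset({"preventive", "corrective"}),
            "security_property": cia,
            "cybersecurity_concept": frozenset({"protect", "respond"}),
            "operational_capability": frozenset({"human_resource_security"}),
            "security_domain": frozenset({"governance_and_ecosystem"}),
        }),
        Control("Secure coding", "technological", {
            "control_type": frozenset({"preventive"}),
            "security_property": cia,
            "cybersecurity_concept": frozenset({"protect"}),
            "operational_capability": frozenset({"application_security"}),
            "security_domain": frozenset({"protection"}),
        }),
        Control("Monitoring activities", "technological", {
            "control_type": frozenset({"detective"}),
            "security_property": cia,
            "cybersecurity_concept": frozenset({"detect", "respond"}),
            "operational_capability": frozenset({"information_security_event_management"}),
            "security_domain": frozenset({"defense"}),
        }),
        # Deliberately malformed entry: a made-up type and four missing categories.
        Control("Incomplete entry", "organizational", {
            "control_type": frozenset({"mitigating"}),
        }),
    ]


if __name__ == "__main__":
    cat = sample_catalogue()
    for c in cat:
        for problem in validate(c):
            print("VALIDATION:", problem)
    print("preventive + integrity:", filter_controls(cat, control_type="preventive", security_property="integrity"))
    print("application security:", filter_controls(cat, operational_capability="application_security"))
```

Filtering on `operational_capability="application_security"` is the mechanical version of the scoping remark in the transcript: a company with no software development can list the controls that come back from that query as the candidates it needs to justify as not applicable, instead of reading all 93 entries.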