ISO 27001 security controls

Guest user. Created: Jun 18, 2017. Last commented: Jun 18, 2017.

How do the 114 controls that are applied in the standard work?

Expert
Rhand Leal Jun 18, 2017

(How do the 114 controls that are applied in the standard work?)

Answer: The controls stated in Annex A of the ISO 27001 standard should be applied to treat risks identified as unacceptable as a result of a risk assessment. Each one of them has characteristics that can be used, alone or in combination with other controls, to minimize the probability of occurrence of a risk or its impact on the organization.

For example, if your risk assessment identifies that the loss of an electronic database is unacceptable, you can decide to mitigate this risk, and by consulting the controls of Annex A, you can decide to apply control A.12.2.1 (Controls against malware), to minimize the chances of a virus or other malicious software compromising your database, and control A.12.3.1 (Information backup), to minimize the impact of information compromise if a risk is realized, by maximizing the data that can be recovered by using a backup.

These articles will provide you with further explanation about ISO 27001 security controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- Overview of ISO 27001:2013 Annex A https://advisera.com/27001academy/iso-27001-controls/
- How to structure the documents for ISO 27001 Annex A controls https://advisera.com/27001academy/blog/2014/11/03/how-to-structure-the-documents-for-iso-27001-annex-a-controls/

These materials will also help you regarding ISO 27001 security controls:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
