Get 4 FREE months of Conformio to implement ISO 27001

Expert Advice Community

Guest

Attributes Table in 2022 version

  Quote
Guest
Guest user Created:   Apr 28, 2023 Last commented:   Apr 28, 2023

Attributes Table in 2022 version

I took part in your recent "Discover Best-in-class Practices for ISO 27001 Risk Assessment live virtual training". No mention was made of the new Attributes Table in the 2022 version - the text of the Standard would appear to indicate that their use is not compulsory? Can you please clarify and if not mandatory what is their purpose? Many thanks

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Apr 28, 2023

 Please note that “attributes” are defined in ISO 27002, which application is not mandatory for implementation of ISO 27001.

ISO 27002 is a supporting standard that provides guidance for the implementation of ISO 27001 Annex A controls, and the attributes’ purpose is to help organizations sort controls according to specific criteria:

  • Control types: Preventive, Detective, and Corrective
  • Information security properties: Confidentiality, Integrity, and Availability
  • Cybersecurity concepts: Identify, Protect, Detect, Respond, and Recover
  • Operational capabilities: Governance, Asset Management, Information protection, Human resource security, Physical security, System and network security, Application security, Secure configuration, Identity and access management, Threat and vulnerability management, Continuity, Supplier relationships security, Legal and compliance, Information security event management, and Information security assurance
  • Security domains: Governance and ecosystem, Protection, Defense, and Resilience

For example, if an organization’s control implementation strategy is to consider a “type” approach, then the attribute can help the organization identifies which controls have a preventive approach.

For further information, see:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Apr 28, 2023

Apr 28, 2023