Similarities and differences
On the other hand, ISO 27001 consists of 11 clauses (starting at 0 and ending at 10) that are related to the management system, and also has 13 groups of controls and 114 generic security controls that can be applied to any type of organization. Read this article to get an overview of the security controls: An overview of ISO 27001:2013 Annex A. Many of these controls have similarities with PCI-DSS:
I was reading that and need further clarification on management systems and security controls.
For ISO, a management system is a way in which an organization manages (i.e., plan, implement, operate, review and improve) the interrelated parts of its business in order to achieve its objectives, while security controls are the ways by which risks are reduced to acceptable levels.
These articles will provide you with a further explanation about ISO 27001 and its controls:
- What is ISO 27001 https://advisera.com/27001academy/what-is-iso-27001/
- A quick guide to ISO 27001 controls from Annex A https://advisera.com/27001academy/iso-27001-controls/
These materials will also help you regarding ISO 27001 and its controls:
- ISO 27001 Annex A Controls in Plain English https://advisera.com/books/iso-27001-annex-controls-plain-english/
- ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/
The ISO 27001 Foundations Course will give you the best explanation of ISMS and Annex A controls, and their relationship.
Sep 02, 2020