I have the standard BS ISO IEC 27002-2005 BS 7799-1-2005, which defines all the risk events and controls for IS. How does this compare with 27001:2013, and which of the new standards also lists the risk events and controls?
Answer:
I am sorry, but ISO 27002 is not about risks; it is only about security controls. You can use these security controls to reduce risks, but the standard that is about information security risks is ISO 27001.
Basically, ISO 27001 provides you with tools to identify risks, and ISO 27002 helps you to reduce these risks with controls. This article can be interesting for you, “ISO 27001 vs. ISO 27002”: https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
By the way, the latest version of ISO 27001 and ISO 27002 is from 2013 (ISO 27001:2013 and ISO 27002:2013), and they are the most important ISO standards related to risks and controls, although other standards related to information security risks are ISO 27005 (best practices for the development of information security risk management) and ISO 31000 (the same as ISO 27005, but for any type of risk), although they are not new. And other new standards related to security controls are ISO 27017 (information security controls for cloud services) and ISO 27018 (protection of privacy in the cloud).
These articles can be interesting for you:
"ISO 27001 risk assessment & treatment - 6 basic steps": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-treatment-6-basic-steps/
"ISO 27001 risk assessment: How to match assets, threats and vulnerabilities": https://advisera.com/27001academy/knowledgebase/iso-27001-risk-assessment-how-to-match-assets-threats-and-vulnerabilities/
Finally, maybe our online course can be interesting for you, “ISO 27001: 2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Jan 30, 2016