Guest user Created: Nov 03, 2017 Last commented: Nov 03, 2017

Meaning of information to ISO 27001

I have an issue with this corrigendum. The term "information" is quite wide and can be interpreted in several ways, which adds to the complexity of implementing this control. It would be interesting to know what guidelines ISO 27002 provides in light of the change.
Question refers to this article: European 2017 Revision of ISO/IEC 27001: What has changed? https://advisera.com/27001academy/blog/2017/10/25/european-2017-revision-of-isoiec-27001-what-has-changed/

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Nov 03, 2017

ISO 27002 corrigendum related to change of control objective A.8.1.1 in ISO 27001 does not add any clarification regarding the meaning of information. It only makes texts adjustments regarding the change of control objective. To see this related corrigendum, please access this ISO page: https://www.iso.org/obp/ui/#iso:std:iso-iec:27002:ed-2:v1:cor:1:v1:en

In fact, ISO 27001 series do not define the meaning of information, allowing organizations to use the definition considered more appropriate to their context. So, my recommendation to you is that your organization document a definition for information that is adequate to its context and implement its controls according this definition.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Nov 03, 2017

Expert Advice Community