I read with great interest your Blog on the Revision Changes to 27002.
Is it perhaps possible to share with me as to whether EACH Control will refer to the required Elements as well as the 5 Control Attributes in relation to determining appropriate Process guidelines?
Please note that the elements (Attribute, Control, Purpose, Guidance, and Other information) are part of each control and that each control is referred to at least one element in the five control attributes. So, by electing one attribute to sort the controls, you can group them according to each element they cover.
For example, control 5.1 Policies for Information Security, in its attribute Control type is classified as preventive, while control 7.4 Physical Security Monitoring in its attribute Control type is classified as preventive and detective.
Considering that, you can work these controls together considering that you can develop a Physical Security Monitoring Policy (a preventive measure), which can define rules for implementing CCTV monitoring and motion sensors for detection of unauthorized access (a detective measure).
For more detailed information about the ISO 27002 revision, please download this free white paper: