VAPT, cybersecurity and ISO 27001

Guest user. Created: May 15, 2018. Last commented: May 15, 2018.

How far are technical aspects of VAPT or cybersecurity covered by ISO 27001:2013?
Expert
Rhand Leal May 15, 2018

Answer: ISO 27001 is a management standard, so it does not go far on technical aspects of security controls, including VAPT (Vulnerability Assessment and Penetration Test). It focuses on establishing control objectives (which should be achieved by implementing the controls) and general requirements for applicable controls. ISO 27002, a supporting standard for implementation of ISO 27001 controls, provides additional details and guidance for controls implementation, but also does not go deep on technical details.

For details regarding cyber security, you should consider the ISO 27032 standard, which provides specific information about cybersecurity related controls. For more information, see this article: ISO 27001 vs. ISO 27032 cybersecurity standard https://advisera.com/27001academy/blog/2015/08/25/iso-27001-vs-iso-27032-cybersecurity-standard/

These articles will provide you further explanation about ISO 27001 controls:
- The basic logic of ISO 27001: How does information security work? https://advisera.com/27001academy/knowledgebase/the-basic-logic-of-iso-27001-how-does-information-security-work/
- ISO 27001 vs. ISO 27002 https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002/
