8/22/2023

ISO 27002 Checklist

On the other hand, ISO 27001 prescribes a risk assessment to be performed in order to identify for each control whether it is required to decrease the risks, and if it is, to what extent it should be applied.

The controls in ISO 27002 are named the same as in Annex A of ISO 27001 – for instance, in ISO 27002, control 5.3 is named “Segregation of duties,” while in ISO 27001 it is “A.5.3 Segregation of duties.” But the difference is in the level of detail – on average, ISO 27002 explains one control on one whole page, while ISO 27001 dedicates only one sentence to each control.

Finally, the difference is that ISO 27002 does not make a distinction between controls applicable to a particular organization, and those which are not.

The differences between the controls in ISO 27002 and ISO 27001

- ISO 27001 prescribes a risk assessment, while ISO 27002 doesn’t.
- ISO 27002 takes a whole page to explain just one control, while 27001 dedicates only one sentence to each control.
- are defined in ISO 27001, but not in ISO 27002.