Informational ISO/IEC DIS 27002:2022, to be published soon.

Richard Regalado

Trusted Information Resource
The complete name of this standard (and the latest iteration of the ISO/IEC 27002 standard) is ISO/IEC 27002 Information security, cybersecurity and privacy protection — Information security controls.

From the table of contents, gone are the 14 security domains the exist in the current version. In its place is the following control categories:
  1. Organizational controls
  2. People controls
  3. Physical controls
  4. Technological controls
To purchase the DIS version, see this link: 21/30390394 DC - BS ISO/IEC 27002. Information security, cybersecurity and privacy protection. Information security controls
Last edited by a moderator:


ISO 27002:2022 update: published on Feb 2022.

1. ISO 27002:2022 specifies 93 controls as opposed to 114 in ISO 27002:2013.

2. Instead of 14 clauses, these controls are categorized into four themes which are as follows:
People: 8 controls
Organizational: 37 controls
Technological: 34 controls
Physical: 14 controls

3. The entirely new controls are:
Threat intelligence
Information security for use of cloud services
ICT readiness for business continuity
Physical security monitoring
Configuration management
Information deletion
Data masking
Data leakage prevention
Monitoring activities
Web filtering
Secure coding

4. To make it easier to categorize the controls are associated with five types of attributes:
Control type: Preventive, Detective, and Corrective
Information security properties: Confidentiality, Integrity, and Availability
Cybersecurity concepts: Identity, Protect, Detect, Respond, and Recover
Operational capabilities: Governance, Asset Management, Information Protection, HR Security, Physical Security, System and Network Security, Application Security, Secure Configuration, Identity, and Access Management, Threat and Vulnerability Management, Continuity, Supplier Relationship Security, Legal and Compliance, Information Security Event Management and Information Security Assurance.
Security domains: Governance and Ecosystem, Protection, Defence, and Resilience.

In October 2022, a revised version of ISO 27001 is expected to be released.
Top Bottom