ISO/IEC JTC 1/SC 27/WG 1 N 2295 ISO/IEC JTC 1/SC 27/WG 1 Information security management systems Convenorship: BSI (United Kingdom) Document type: Officer's Contribution Title: Draft rev text ISO-IEC 27002 CD1 Marked up Final (based on DoC N2294) Status: This document is being circulated for consideration at the CRM for 1st CD 27002 via ZOOM. NOTE: Zoom editing sessions for this project will take place 2024th April (see WG1 agenda N2224) and on the 15th April. Date of document: 2020-03-24 Source: Project Editors 27002 (FENG, Sabrina: FOURATI Alia: MARINELLI Veronica) Expected action: ACT Action due date: 2020-04-24 Email of convenor: edwardj7@msn.com Committee URL: https://isotc.iso.org/livelink/livelink/open/jtc1sc27wg1 ISO/IEC JTC 1/SC 27 N 19381 ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection Secretariat: DIN (Germany) Document type: Officer's Contribution Title: Draft rev text ISO-IEC 27002 CD1 Markedup Final 20200319 Status: This document is being circulated for consideration at the CRM for 1st CD 27002 via ZOOM. NOTE: ISO/IEC 27002 (status CD) – the editing session for this project is currently proposed to be postponed until the WG1 meeting in Warsaw, Poland Sept 2020. This may be subject to change. Date of document: 2020-03-20 Source: Project editors (Sabrina Feng, Alia Fourati, Veronica Marinelli) Expected action: INFO No. of pages: 199 Email of secretary: krystyna.passia@din.de Committee URL: https://isotc.iso.org/livelink/livelink/open/jtc1sc27 © ISO/IEC 2019 – All rights reserved ISO/IEC JTC 1/SC 27 N Date: 2019-11-14 ISO/IEC CD 27002:2019(E) ISO/IEC JTC 1/SC 27/WG 1 Secretariat: DIN Information security, cybersecurity and privacy protection – Information security controls Warning This document is not an ISO International Standard. It is distributed for review and comment. It is subject to change without notice and may not be referred to as an International Standard. Recipients of this draft are invited to submit, with their comments, notification of any relevant patent rights of which they are aware and to provide supporting documentation. Document type: International Standard Document subtype: Document stage: (30) Committee Document language: E STD Version 2.9d ISO/IEC CD 27002:2019(E) 1 Copyright notice 2 3 4 5 6 This ISO document is a working draft or committee draft and is copyright-protected by ISO. While the reproduction of working drafts or committee drafts in any form for use by participants in the ISO standards development process is permitted without prior permission from ISO, neither this document nor any extract from it may be reproduced, stored or transmitted in any form for any other purpose without prior written permission from ISO. 7 8 Requests for permission to reproduce this document for the purpose of selling it should be addressed as shown below or to ISO's member body in the country of the requester: 9 10 11 12 [Indicate the full address, telephone number, fax number, telex number, and electronic mail address, as appropriate, of the Copyright Manager of the ISO member body responsible for the secretariat of the TC or SC within the framework of which the working document has been prepared.] 13 Reproduction for sales purposes may be subject to royalty payments or a licensing agreement. 14 Violators may be prosecuted. ii © ISO/IEC 2019 – All rights reserved ISO/IEC CD 27002:2019(E) Contents Page 15 16 17 18 19 20 21 22 0 0.1 0.2 0.3 0.4 0.5 0.6 0.7 Introduction ................................................................................................................................................... vii Background and context ............................................................................................................................ vii Information security requirements ...................................................................................................... viii Controls ........................................................................................................................................................... viii Determining controls ................................................................................................................................. viii Developing your own guidelines.............................................................................................................. ix Lifecycle considerations....