KEY ASPECTS OF THE UPDATED ISO/IEC 27002:2022 STANDARD

DOI: 10.31673/2409-7292.2025.023969

Authors

  • Н. П. Кухарська (Kukharska N.P.), Department of Information Technology Security, Lviv Polytechnic National University
  • С. А. Семенюк (Semenyuk S.A.), Department of Information Technology Security, Lviv Polytechnic National University
  • О. І. Полотай (Polotai O.I.), Department of Information Technology Security, Lviv Polytechnic National University

DOI:

https://doi.org/10.31673/2409-7292.2025.023969

Abstract

The article analyzes the main changes made in ISO/IEC 27002:2022, the standard that contains detailed guidance for implementing information security controls. A key update considered is the reduction of the number of security controls from 114 to 93 by merging and consolidating them. Attention is drawn to the new classification structure, under which controls are now divided into four categories: organizational, people, physical, and technological. Another innovation is considered in detail: the introduction of attributes, which allow controls to be filtered, grouped, and applied more effectively according to the specific needs of an organization. The article also describes the 11 new controls, namely: information security for use of cloud services, ICT readiness for business continuity, configuration management, physical security monitoring, information deletion, data masking, threat intelligence, data leakage prevention, monitoring activities, web filtering, and secure coding. The changes introduced in ISO/IEC 27002:2022 are aimed at making the standard more adaptable to the rapid development of information technologies and at meeting the growing cybersecurity needs of organizations. Security managers can use this standard to select, implement, and document information protection measures in accordance with the requirements of ISO/IEC 27001:2022, which facilitates the audit and certification process.

Keywords: information security, information security management system, standard, ISO/IEC 27002:2013, ISO/IEC 27002:2022, security measures, controls.


Published

2025-06-28

Section

Articles