Tuesday, April 23, 2024

What are the 11 new ISO 27001 Controls?

ISO 27001 is the international standard for information security management systems. It is constantly evolving to address the changing landscape of cyber security threats. The most recent update in 2022 introduced eleven new controls. This article describes these new controls and explains why they are crucial for organizations aiming to achieve ISO 27001 compliance.

5.7: Threat Intelligence

This control emphasizes the importance of gathering and analyzing data related to information security threats. By generating threat intelligence, organizations can gain valuable insights to inform their preventive and responsive actions. 

It is essential for staff members to be trained to recognize and respond to threats effectively. CybeReady and other training platforms can boost employee awareness of how staff can make ISO 27001 controls more effective.

5.23: Information Security for Use of Cloud Services

As organizations increasingly rely on cloud services, it is crucial to establish secure processes for their use, termination, and management. Because organizations lack direct physical control over cloud data, user training and strong policies are vital for ensuring data integrity.

5.30: Maintaining Information and Communications Technology (ICT) 

This control emphasizes the need for secure and reliable ICT systems to maintain communications and functionality during disruptive cyber attacks. Adequate planning, hardware, and training are necessary to ensure continuity. 

7.4: Monitoring Physical Security

While cyber attacks predominantly occur online, physical security is equally important. Cameras, alarm systems, and security patrols can be implemented to enhance physical security.

8.9: Management of Configuration

To prevent configuration drift and unauthorized changes, organizations must define appropriate security configurations for their technological assets and regularly monitor them. Thorough documentation of configuration setup and review processes is essential.

8.10: Deletion of Unnecessary Information

The objective of this control is to establish data retention policies and securely delete stored data when it is no longer needed. It is important to reduce the storage of sensitive data that is no longer needed for business requirements. User training should include guidelines on when and how to safely delete unnecessary records.

8.11: Use of Data Masking

Data masking procedures, such as encryption or anonymization, should be employed whenever possible, particularly during development or testing phases. This control emphasizes the importance of educating staff about the processes for data masking and the situations in which it applies.

8.12: Data Leakage Protection

The focus of this control is to minimize data leakage during storage, transfer, and processing. Policies and processes should be in place to reduce the risk of leakage. Users should be trained on best practices to handle data safely.

8.16: Monitoring Activities

Continuous monitoring of networks, software applications, and technological assets is essential in order to detect suspicious behavior. Users should be informed about the systems and activities being monitored. 

8.23: Web Filtering

Limiting access to external websites is crucial to prevent risky user behavior. Communicating policies and expectations to users is important. It is also essential to train them to identify potentially dangerous sites that are not intercepted by the web filter. 

8.28: Secure Coding

This control emphasizes the establishment of secure coding principles for in-house software developers. Maintaining a safe development environment, implementing measures to avoid unauthorized source code changes, thoroughly documenting changes, and providing relevant training to coders are essential to ensure secure coding practices.

Businesses need to be aware of these new controls and should implement them to enhance their data protection practices.



David Scott
Digital Marketing Specialist

