ISO 27001 vs 27002
Jan. 17, 2022, 6:27 p.m. | /u/YetAnotherHuckster
cybersecurity www.reddit.com
I have never been through an ISO 27001 audit, but need to prepare for one. In comparing the annex controls in 27001 with 27002 details I find a pretty significant difference. Which one, or are both, required for us to implement?
For example: ISO 27001 A.12.2.1 Detection, prevention and recovery controls to protect against malware shall be implemented, combined with appropriate user awareness. Fairly general. But an anti-malware utility combined with a response process to malware scenarios could sufficiently meet …