The list of ISO27001:2022 / ISO27002:2022 preventive controls

ISO27001:2022 / ISO27002:2022 list of preventive controls

What are ISO27001 Preventive Controls?

ISO27001 / ISO27002 preventive controls aim to decrease the chance of errors and security incidents before they occur.

A preventive control (also commonly referred to as a “preventative control”) is a control that is put into place and intended to avoid an incident from occurring.

The list of ISO27001:2022 / ISO27002:2022 preventive controls

  • ISO/IEC 27002 5.1 Policies for Information Security
  • ISO/IEC 27002 5.2 Information security roles and responsibilities
  • ISO/IEC 27002 5.3 Segregation of duties
  • ISO/IEC 27002 5.4 Management Responsibilities
  • ISO/IEC 27002 5.5 Contact with Authorities
  • ISO/IEC 27002 5.6 Contact with Special Interest Groups
  • ISO/IEC 27002 5.7 Threat Intelligence
  • ISO/IEC 27002 5.8 Information Security in Project Management
  • ISO/IEC 27002 5.9 Inventory of Information and other associated assets
  • ISO/IEC 27002 5.10 Acceptable Use of Information and other associated assets
  • ISO/IEC 27002 5.11 Return of Assets
  • ISO/IEC 27002 5.12 Classification of Information
  • ISO/IEC 27002 5.13 Labelling of Information
  • ISO/IEC 27002 5.14 Information Transfer
  • ISO/IEC 27002 5.15 Access Control
  • ISO/IEC 27002 5.16 Identity Management
  • ISO/IEC 27002 5.17 Authentication Information
  • ISO/IEC 27002 5.18 Access Rights
  • ISO/IEC 27002 5.19 Information Security in Supplier Relationships
  • ISO/IEC 27002 5.20 Addressing Information Security In Supplier Agreements
  • ISO/IEC 27002 5.21 Managing Information Security In The ICT Supply Chain
  • ISO/IEC 27002 5.22 Monitoring, review and change management of supplier services
  • ISO/IEC 27002 5.23 Information security for use of cloud services
  • ISO/IEC 27002 5.27 Learning from information security incidents
  • ISO/IEC 27002 5.29 Information security during disruption
  • ISO/IEC 27002 5.31 Legal, statutory, regulatory and contractual requirements
  • ISO/IEC 27002 5.32 Intellectual property rights
  • ISO/IEC 27002 5.33 Protection of records
  • ISO/IEC 27002 5.34 Privacy and protection of PII
  • ISO/IEC 27002 5.35 Independent review of information security
  • ISO/IEC 27002 5.36 Compliance with policies, rules, and standards for information security
  • ISO/IEC 27002 5.37 Documented operating procedures
  • ISO/IEC 27002 6.1 Screening
  • ISO/IEC 27002 6.2 Terms and Conditions of Employment
  • ISO/IEC 27002 6.3 Information security awareness, education and training
  • ISO/IEC 27002 6.4 Disciplinary process
  • ISO/IEC 27002 6.5 Responsibilities after termination of employment
  • ISO/IEC 27002 6.6 Confidentiality and non-disclosure agreements
  • ISO/IEC 27002 7.1 Physical security perimeters
  • ISO/IEC 27002 7.2 Physical entry
  • ISO/IEC 27002 7.3 Securing offices, rooms and facilities
  • ISO/IEC 27002 7.4 Physical security monitoring
  • ISO/IEC 27002 7.5 Protecting against physical and environmental threats
  • ISO/IEC 27002 7.6 Working in secure areas
  • ISO/IEC 27002 7.7 Clear desk and clear screen
  • ISO/IEC 27002 7.8 Equipment siting and protection
  • ISO/IEC 27002 7.9 Security of assets off premises
  • ISO/IEC 27002 7.10 Storage media
  • ISO/IEC 27002 7.11 Supporting Utilities
  • ISO/IEC 27002 7.12 Cabling security
  • ISO/IEC 27002 8.1 User endpoint devices – new
  • ISO/IEC 27002 8.2 Privileged access rights
  • ISO/IEC 27002 8.3 Information access restriction
  • ISO/IEC 27002 8.4 Access to source code
  • ISO/IEC 27002 8.5 Secure authentication
  • ISO/IEC 27002 8.6 Capacity management
  • ISO/IEC 27002 8.7 Protection against malware
  • ISO/IEC 27002 8.8 Management of technical vulnerabilities
  • ISO/IEC 27002 8.9 Configuration management
  • ISO/IEC 27002 8.10 Information deletion – new
  • ISO/IEC 27002 8.11 Data masking – new
  • ISO/IEC 27002 8.12 Data leakage prevention – new
  • ISO/IEC 27002 8.14 Redundancy of information processing facilities
  • ISO/IEC 27002 8.18 Use of privileged utility programs
  • ISO/IEC 27002 8.19 Installation of software on operational systems
  • ISO/IEC 27002 8.20 Network controls
  • ISO/IEC 27002 8.21 Security of network services
  • ISO/IEC 27002 8.22 Web filtering – new
  • ISO/IEC 27002 8.23 Segregation in networks
  • ISO/IEC 27002 8.24 Use of cryptography
  • ISO/IEC 27002 8.25 Secure development lifecycle
  • ISO/IEC 27002 8.26 Application security requirements – new
  • ISO/IEC 27002 8.27 Secure system architecture and engineering principles – new
  • ISO/IEC 27002 8.29 Security testing in development and acceptance
  • ISO/IEC 27002 8.30 Outsourced development
  • ISO/IEC 27002 8.31 Separation of development, test and production environments
  • ISO/IEC 27002 8.32 Change management
  • ISO/IEC 27002 8.33 Test information
  • ISO/IEC 27002 8.34 Protection of information systems during audit and testing – new
