Revised Standard from Last Update.

NATIONAL FOREWORD

This Indian Standard (First Revision) which is identical with ISO/IEC 27002:2022 ‘Information security, cybersecurity and privacy protection - Information security controls’ issued by International Organization for Standardization (ISO) and International Electro technical Commission (IEC) was adopted by the Bureau of Indian Standards on the recommendations of the Information Systems Security and Privacy Sectional Committee, andapproval of the Electronics and Information Technology Division Council.

This standard was originally published in 2018 and was identical with ISO/IEC 27002:2013. First Revision of this Indian standard aligns with ISO/IEC 27002:2022.

The main changes are as follows:

a) the title has been modified;

b) the structure of the document has been changed, presenting the controls using a simple taxonomy and associated attributes;

c) some controls have been merged, some deleted and several new controls have been introduced. The complete correspondence can be found in Annex B.