Advisory, Blog, Labs October 26, 2022

The third version of ISO / IEC 27001 addresses modern cyber security threats

The Obrela SOC Team

Are you ready to meet your stakeholders’ new cyber security expectations? 

This third version of ISO / IEC 27001 has just been published to address modern cyber security threats and further enhance confidence and trust.

On 25th Oct 2022, the International Organization for Standardization published the third edition of “ISO/IEC 27001 Information security, cybersecurity and privacy protection — Information security management systems — Requirements”. That day also marks the beginning of a three-year transition period for the respective certification scheme, under which you certify your ISMS against these new requirements.

The most famous Management System for Information Security (ISMS) in the cyber security space provides new foundations for cyber risk management as well as for the implementation of new security controls. Regarding the latter, the new standard has been aligned with the Information Security Controls in ISO / IEC 27002:2022.

Specifically, its Annex A has four new classes with 93 controls (vs 114 in the previous version). Out of the 93 controls, 11 are new, 24 are merged from existing ones in the previous version, and 58 are updated.

How can OBRELA help you achieve this new Standard transition?

The requirements in the new version of the 27001 standard focus on the need for Threat Intelligence (control 5.7) and digital risk protection as proactive measures. Additionally, a new requirement recognizes the use of Cloud Services (control 5.23).

OBRELA, via its leading “Managed Threat Detection and Response – MDR” service offering, can help you address both of the above requirements as well as a variety of controls recommended by ISO 27002.

Additionally, our unique MRC-driven product SWORDFISH, which is OBRELA’s “ERP for Cyber Security”, has enriched its controls library, and consequently its Compliance and Audit modules, with these new requirements since February 2022. SWORDFISH also identifies and classifies assets and security policies, prioritizes vulnerabilities, collects and analyzes events, and assists in incident response with a state-of-the-art workflow engine.

Finally, OBRELA can team up with you to provide security consulting services, performing a rapid or 360° assessment of your organization’s current state of controls against the ISO 27002 framework and identifying gaps within your ISMS. We can also develop and review security policies, conduct penetration tests, respond to security incidents, and more.
