ISO 27002 — Themes and Attributes + Control Layout
Themes and Attributes
Themes refer to the categorization of controls into four groups: (1) Organizational controls (Clause 5), (2) People controls (Clause 6), (3) Physical controls (Clause 7), and (4) Technological controls (Clause 8).
Attributes are another view of the controls, presented in table format. There are five attributes, each with its own set of values: (1) Control type, (2) Information security properties, (3) Cybersecurity concepts, (4) Operational capabilities, and (5) Security domains.
a) Control types (#Preventive, #Detective, #Corrective)
b) Information security properties (#Confidentiality, #Integrity, #Availability)
c) Cybersecurity concepts (#Identify, #Protect, #Detect, #Respond, #Recover)
d) Operational capabilities (#Governance, #Asset_management, #Information_protection, #Human_resource_security, #Physical_security, #System_and_network_security, #Application_security, #Secure_configuration, #Identity_and_access_management, #Threat_and_vulnerability_management, #Continuity, #Supplier_relationships_security, #Legal_and_compliance, #Information_security_event_management, #Information_security_assurance)
e) Security domains (#Governance_and_Ecosystem, #Protection, #Defence, #Resilience)
Control Layout
The layout of each control is displayed as shown in the screenshot below. It includes domains, control title…