ISO 27002 version 2022, towards an optimized security posture thanks to next-generation GRC solutions

Like all cybersecurity experts, CISOs are familiar with ISO 27002. Some are inspired by it to ensure the health of their company's information system, or to maintain ISO 27001 certification for their ISMS, while others consider it from a distance, seeing no interest in it for their organization. And yet, this standard is far from being reserved only for a certain category of companies, subject to specific regulations, especially since it was updated. In fact, it can help improve the cybersecurity posture of any organization, and provide a clear picture of this posture... provided you know how to use it, and with which tool.

Share

ISO 27002 version 2022 in brief

It would be wrong to reduce ISO 27002 to a mere appendix to ISO 27001, or to a guide to best practices for successful certification. Even if it was historically conceived in this sense, it is today considered as a strategic support for any entity wishing to maintain the security of its information system at a good level.

The new version, recently published, has been redesigned to incorporate all the risks associated with new technological developments, and the threats that the IT world has encountered over the last 10 years: the explosion in teleworking, migration to the Cloud, use of multiple applications... This update makes ISO 27002 even more interesting to use, even for companies not concerned by ISO 27001 certification. It provides all the elements needed to build your own cybersecurity strategy, as well as the processes you need to follow to maintain your IS in a secure posture.

 

Strengthen your cybersecurity with ISO 27002

While this standard can help CISOs, one of its major characteristics is its exhaustiveness, which implies a large volume of data to be processed. But deploying a cybersecurity strategy also involves other elements, such as implementation planning, monitoring, verification of the implementation of actions and controls, all of which can have an impact on the expected level of security.

A tool such as Excel can be used to manage this project. However, it will quickly become outdated in view of the amount of information to be handled (consolidated, reported), and may even hinder the proper management of the safety policy, putting the company at risk. The same applies to home-made tools.

 

How can CISOs avoid this pitfall?

In recent years, the cybersecurity market has seen the arrival of cybersecurity management tools. Initially dedicated to GRC - Governance, Risk, Compliance - these tools have evolved to cover the entire perimeter managed by CISOs. They enable CISOs to manage their governance activities, in the same way that a HR or CFO has his or her own governance tool, via a dashboard, bringing together all cybersecurity-related subjects. They enable them to design, build, operate and control their security strategies.

CISOs who have chosen to switch to these solutions have left their Excel spreadsheets behind, and benefit from a host of advantages that help them manage their security strategy on a daily basis.

Tenacy facilitates ISO 2700X compliance

The Tenacy platform, designed by and for CISOs, helps them to better manage cybersecurity in order to reduce the risks they face, while optimizing their productivity time. Adopting a tool such as Tenacy becomes an obvious choice if you want to better protect your organization.

Contact us