What are the 14 domains under ISO 27001 list of controls

 ISO 27001 is a widely recognized international standard for managing information security. The standard outlines a set of requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS) within the context of the organization. The standard provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.

The standard is organized into 14 sections, also known as domains, which cover various aspects of information security management. Each domain consists of a set of controls that an organization needs to consider when implementing an ISMS. Here are the 14 domains and their respective controls:

  1. Context of the Organization:

    • 4.1 Understanding the organization and its context
    • 4.2 Understanding the needs and expectations of interested parties
    • 4.3 Determining the scope of the information security management system
    • 4.4 Information security management system

  2. Leadership:

    • 5.1 Leadership and commitment
    • 5.2 Policy
    • 5.3 Organizational roles, responsibilities, and authorities

  3. Planning:

    • 6.1 Actions to address risks and opportunities
    • 6.2 Information security objectives and planning to achieve them

  4. Support:

    • 7.1 Resources
    • 7.2 Competence
    • 7.3 Awareness
    • 7.4 Communication
    • 7.5 Documented information

  5. Operation:

    • 8.1 Operational planning and control

  6. Performance Evaluation:

    • 9.1 Monitoring, measurement, analysis, and evaluation
    • 9.2 Internal audit
    • 9.3 Management review

  7. Improvement:

    • 10.1 Nonconformity and corrective action
    • 10.2 Continual improvement

These domains and controls form the basis for establishing, implementing, maintaining, and improving an effective ISMS within an organization according to the ISO 27001 standard

Comments

Post a Comment

Popular posts from this blog

35 heartfelt gifts to give your loved ones this Valentine’s Day

Image
  Since Valentine’s Day gifts are all about showing someone how much you love and care about them, don’t you want them to be extra, extra sweet? To help give you some inspiration, we rounded up 35 valentine day gift ideas that will show them just how much they mean to you. Want more ideas? Check out our  Valentine’s Day gift ideas for him ,  Valentine’s Day gifts for her ,. Happy Valentine’s Day gift ideas for him Parachute Waffle Robe $129 at  Parachute Parachute Waffle Robe Parachute After lots of time at home, chances are your man needs a serious robe upgrade. This unisex style from Parachute is available in lovely earth tones and is light enough for summer but snuggly enough to keep him warm through the winter.  Buy Valentine’s Day gifts online Bagsmart Electronic Organizer $18.99  $16.99 at  Amazon Bagsmart Electronic Organizer Amazon If his home office is beginning to look more like a hoarder’s den, he might need this electronic organizer so he can keep all his cords, adapters an
Read more

CMMI and ISO 27001 Mapping

  CMMI (Capability Maturity Model Integration) and ISO 27001 (Information Security Management System) are two different frameworks, each with its own focus and purpose. While they address related areas of business operations, they are not directly comparable or mappable to each other. However, organizations can leverage both frameworks to enhance their overall cybersecurity and process maturity. Here's an overview of each framework and how they can be related:   CMMI (Capability Maturity Model Integration):   CMMI is a framework for process improvement that focuses on the maturity and capability of an organization's processes across various domains, including software development, systems engineering, and project management. It provides a structured approach to assessing and improving an organization's processes, emphasizing efficiency, consistency, and quality.   CMMI maturity levels range from Level 1 (Initial) to Level 5 (Optimizing), with each level represen
Read more

Overview of ISO 27001 and Importance and benefits of implementing these standards

  ISO 27001 is an internationally recognized standard for Information Security Management Systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability. Here's an overview of ISO 27001 and the importance and benefits of implementing these standards:   Overview of ISO 27001: Scope: ISO 27001 sets out requirements for establishing, implementing, maintaining, and continually improving an ISMS within the context of the organization's overall business risks.   Framework: It follows a Plan-Do-Check-Act (PDCA) approach, emphasizing continual improvement in information security management.   Risk-based approach: ISO 27001 focuses on identifying and mitigating information security risks through risk assessment and treatment processes.   Comprehensive: The standard addresses various aspects of information security, including organizational structure, policies, human resources, asse
Read more