Information Security Controls by Operational Capabilities
ISO 27001/27002:2022
230206 www.patreon.com/AndreyProzorov

Governance
5.1. Policies for information security
5.2. Information security roles and responsibilities
5.4. Management responsibilities
5.5. Contact with authorities
5.6. Contact with special interest groups
5.8. Information security in project management
5.24. Information security incident management planning and preparation

Information security assurance
5.35. Independent review of information security
5.36. Compliance with policies, rules and standards for information security
8.29. Security testing in development and acceptance

Information security event management
5.24. Information security incident management planning and preparation
5.25. Assessment and decision on information security events
5.26. Response to information security incidents
5.27. Learning from information security incidents
5.28. Collection of evidence
6.8. Information security event reporting
8.15. Logging
8.16. Monitoring activities
8.17. Clock synchronization

Asset management
5.9. Inventory of information and other associated assets
5.10. Acceptable use of information and other associated assets
5.11. Return of assets
5.14. Information transfer
5.33. Protection of records
5.37. Documented operating procedures
6.5. Responsibilities after termination or change of employment
6.7. Remote working
7.3. Securing offices, rooms and facilities
7.8. Equipment siting and protection
7.9. Security of assets off-premises
7.10. Storage media
7.13. Equipment maintenance
7.14. Secure disposal or re-use of equipment
8.1. User endpoint devices
8.14. Redundancy of information processing facilities

Legal and compliance
5.31. Legal, statutory, regulatory and contractual requirements
5.32. Intellectual property rights
5.33. Protection of records
5.34. Privacy and protection of PII
5.36. Compliance with policies, rules and standards for information security
8.10. Information deletion

Information protection
5.10. Acceptable use of information and other associated assets
5.12. Classification of information
5.13. Labelling of information
5.14. Information transfer
5.33. Protection of records
5.34. Privacy and protection of PII
6.6. Confidentiality or non-disclosure agreements
6.7. Remote working
8.1. User endpoint devices
8.7. Protection against malware
8.10. Information deletion
8.11. Data masking
8.12. Data leakage prevention
8.33. Test information
8.34. Protection of information systems during audit testing

Supplier relationships security
5.19. Information security in supplier relationships
5.20. Addressing information security within supplier agreements
5.21. Managing information security in the ICT supply chain
5.22. Monitoring, review and change management of supplier services
5.23. Information security for use of cloud services
6.6. Confidentiality or non-disclosure agreements
8.30. Outsourced development

Continuity
5.29. Information security during disruption
5.30. ICT readiness for business continuity
5.37. Documented operating procedures
8.6. Capacity management
8.13. Information backup
8.14. Redundancy of information processing facilities

Human resource security
6.1. Screening
6.2. Terms and conditions of employment
6.3. Information security awareness, education and training
6.4. Disciplinary process
6.5. Responsibilities after termination or change of employment
6.6. Confidentiality or non-disclosure agreements

Threat and vulnerability management
5.7. Threat intelligence
5.37. Documented operating procedures
8.8. Management of technical vulnerabilities

Identity and access management
5.15. Access control
5.16. Identity management
5.17. Authentication information
5.18. Access rights
5.37. Documented operating procedures
7.2. Physical entry
8.2. Privileged access rights
8.3. Information access restriction
8.4. Access to source code
8.5. Secure authentication

Physical security
5.37. Documented operating procedures
6.7. Remote working
7.1. Physical security perimeter
7.2. Physical entry
7.3. Securing offices, rooms and facilities
7.4. Physical security monitoring
7.5. Protecting against physical and environmental threats
7.6. Working in secure areas
7.7. Clear desk and clear screen
7.8. Equipment siting and protection
7.9. Security of assets off-premises
7.10. Storage media
7.11. Supporting utilities
7.12. Cabling security
7.13. Equipment maintenance
7.14. Secure disposal or re-use of equipment

Secure configuration
5.37. Documented operating procedures
8.4. Access to source code
8.9. Configuration management
8.18. Use of privileged utility programs
8.19. Installation of software on operational systems
8.24. Use of cryptography

Application security
5.37. Documented operating procedures
8.4. Access to source code
8.18. Use of privileged utility programs
8.19. Installation of software on operational systems
8.25. Secure development life cycle
8.26. Application security requirements
8.27. Secure system architecture and engineering principles
8.28. Secure coding
8.29. Security testing in development and acceptance
8.30. Outsourced development
8.31. Separation of development, test and production environments
8.32. Change management

System and network security
5.37. Documented operating procedures
6.7. Remote working
8.7. Protection against malware
8.18. Use of privileged utility programs
8.20. Network security
8.21. Security of network services
8.22. Segregation of networks
8.23. Web filtering
8.25. Secure development life cycle
8.26. Application security requirements
8.27. Secure system architecture and engineering principles
8.28. Secure coding
8.29. Security testing in development and acceptance
8.30. Outsourced development
8.31. Separation of development, test and production environments
8.32. Change management
8.34. Protection of information systems during audit testing