Contact Us Today!




 


 

E-mail:info@deurainfosec.com

Special Facebook Promotion

Like us on Facebook and get 10% off your next order.

ISO 27001 Risk Assessment and             Gap Assessment

 DISC's ISO 27001 assessment is performed to measure conformance with ISO 27001 specification requirements and ISO 27002 controls.  

The number of security controls in new version of ISO 27002:2022 has decreased from 114 controls in 2013 edition to 93 controls in the 2022 edition. Eliminating risk is seldom a viable option in practice: risk management and reduction is the aim.

ISO 27002:2022 Compliance per category

       DISC ISO 27K assessment include but not limited to the following:

  • ISO 27001 2013 required specification requirements
  • ISO 27002 2022 code of practice controls, categories and domains
  • Compliance report by ISO 27001 requirements
  • Compliance report by control ISO 27002 2022
  • Compliance report by category ISO 27002 2022
  • Compliance report by domain ISO 27002 2022

ISO 27002:2022 has three control types, #Preventive, #Corrective and #Detective. Some of these controls share more than one control types. There are total 12 Detective, 13 Corrective, and 83 Preventive controls and 15 controls (12+13+83 = 108 -15 = 93) which share more than one control type in ISO 27002:2022 latest guidance. If you like to know more about how and when to start complying with new and latest control guidance, please contact us to book an appointment to discuss the details, how DISC llc can assist your organization with ISO 27001 compliance or certification plans. 

 

To download and review the standard: COPYRIGHT PROTECTED DOCUMENT

DISC gap assessment includes three or six level rating (CMMI) matrix of your choice for each control, category and domain.

Start your ISMS project with
ISO27001 2013 Documentation Toolkit

ISO/IEC 27001 2005 to 2013 Gap Analysis Tool (Download)

 

ISO/IEC 27001 Certifications of individuals


Download ISO27000 family of information security standards today!

ISO 27001 tools and templates

Risk Management Framework

Quickly and easily carry out an ISO27001-compliant risk assessment with vsRisk, the cybersecurity risk assessment tool. vsRisk, the industry-leading ISO27001-compliant risk assessment tool, has simplified and automated the information security risk assessment process for many organisations across the globe, both large and small.

ISO 27001 Information Security Policy Template

Create your ISO 27001-compliant information security policy in minutes with our easy-to-use and customizable template, developed by our expert ISO 27001 practitioners.

Information Security & ISO27001 Staff Awareness eLearning Course

This interactive eLearning course enables employees to gain a better understanding of InfoSec risks and compliance requirements in line with ISO 27001, reducing the organizations's exposure to security threats.

ISO 27002 Gap Assessment Tool

Use this self-assessment tool to quickly and clearly identify the extent to which your organization has implemented the controls and addressed the control objectives in ISO 27002

ISO 27001 Risk Assessment Process

Risk analysis process to evaluate your risks based on your risk threshold and

take corrective and preventive actions to mitigate those risks.

 



Capability Maturity Model Integration (CMMI) to ISO 27002 

Rating CMM level ISO 27002 level  
0 Non existent Complete lack of recognizable control
1 Initial There is an evidence that security issue exist and needs to be addressed, however no control exist to tackle the issue
2 Repeatable Security control is still in development with limited documentation
3 Defined Security control has been documented and communicated through training, but it is left to individual to follow control
4 Managed It is possible to monitor and measure security control compliance but management of the control is not fully automated
5 Optimized Security control has been refined to a level of ISO code of practice, based on result of continuous improvement

Risk Management Framework

Quickly and easily carry out an ISO27001-compliant risk assessment with vsRisk, the cybersecurity risk assessment tool. vsRisk, the industry-leading ISO27001-compliant risk assessment tool, has simplified and automated the information security risk assessment process for many organisations across the globe, both large and small.

Print Print | Sitemap
InfoSec | @ 2021 DISC