Security Risk Assessment and ISO 27001 Gap Assessment

DISC's ISO 27001 assessment measures conformance with the ISO 27001 specification requirements and the ISO 27002 controls.

The number of security controls in ISO 27002:2022 has decreased from 114 controls in the 2013 edition to 93 controls in the 2022 edition. Eliminating risk is seldom a viable option in practice: managing and reducing risk is the aim.

Save 25% on the ISO 27001:2022 Gap Assessment to build a roadmap for ISMS

ISO 27002:2022 compliance per category - the DISC ISO 27001 assessment includes, but is not limited to, the following:

  • ISO 27001:2013 specification requirements
  • ISO 27002:2022 code-of-practice controls, categories and domains
  • Compliance report by ISO 27001 requirement
  • Compliance report by ISO 27002:2022 control
  • Compliance report by ISO 27002:2022 category
  • Compliance report by ISO 27002:2022 domain

Free assessment of one key objective of your choice - Contact us to book an appointment

The core section of the standard retains its 11 clauses with minor modifications, while significant structural revisions have been implemented in the Annex A controls. Control categories have been rearranged, resulting in a reduction in the total number of controls. Broadly speaking, 11 new controls have been added, 57 controls have been consolidated, 23 controls have been rebranded, and three controls have been eliminated. The introduction of these 11 new controls underscores the heightened significance of Cloud, DevOps, and Personal Information, which have evolved over the past decade.

  • A.5.7 Threat intelligence 
  • A.5.23 Information security for the use of cloud services 
  • A.5.30 ICT readiness for business continuity 
  • A.7.4 Physical security monitoring 
  • A.8.9 Configuration management 
  • A.8.10 Information deletion 
  • A.8.11 Data masking 
  • A.8.12 Data leakage prevention 
  • A.14.1.4 Secure development policy 
  • A.16.2.4 Security of supplier services 
  • A.18.2.3 Protection of personal information in public clouds 


ISO 27002:2022 classifies controls into three types: Preventive, Corrective and Detective, and a single control can carry more than one type. Counted by type there are 12 Detective, 13 Corrective and 83 Preventive controls; 15 controls carry more than one type, so the totals reconcile to the 93 controls in the latest guidance (12 + 13 + 83 = 108; 108 - 15 = 93). If you would like to know more about how and when to start complying with the new control guidance, please contact us to book an appointment to discuss the details and how DISC llc can assist your organization with its ISO 27001 compliance or certification plans.


To download and review the standard: COPYRIGHT PROTECTED DOCUMENT

The DISC llc gap assessment for ISO 27001 and ISO 27002 (2013/2022) includes a 5-level CMMI-style rating matrix of your choice for each control, category and domain. Our transition plan (strategy roadmap) enumerates the details of how to get from the as-is state to the to-be state.


Start your ISMS project with ISO27001 2013 Documentation Toolkit

ISO/IEC 27001 2022 Gap Analysis Tool (Download)


Our approach to ISO 27001 Internal Audit


ISO/IEC 27001 Certifications of individuals


Download ISO27000 family of information security standards today!

  • ISO27004 - Information Security Metrics
  • ISO27005 - Information Security Risk Management
  • ISO27017 - Cloud services management
  • ISO27018 - Service management system
  • ISO27701 - Privacy information management system

ISO 27001 tools and templates

Documentation Toolkits

Demonstrate compliance with a wide range of laws, regulations and standards with documentation toolkits.
All our toolkits have been designed and developed by industry experts, giving you peace of mind while saving you time and money at each stage of your project.

ISO 27001 Information Security Policy Template

Create your ISO 27001-compliant information security policy in minutes with our easy-to-use and customizable template, developed by our expert ISO 27001 practitioners.

Information Security & ISO27001 Staff Awareness eLearning Course

This interactive eLearning course enables employees to gain a better understanding of InfoSec risks and compliance requirements in line with ISO 27001, reducing the organization's exposure to security threats.

ISO 27001:2022 Gap Assessment Tool

Use this self-assessment tool to quickly and clearly identify the extent to which your organization has implemented the controls and addressed the control objectives in ISO 27001:2022.

Security Risk Assessment Quiz

Test your knowledge of security risk assessment principles

Welcome to the Security Risk Assessment Awareness Quiz

About This Quiz:
This quiz will test your understanding of security risk assessment methodologies, frameworks, and best practices. You'll answer 20 questions covering risk identification, analysis, evaluation, and treatment.

Security risk assessment is crucial for identifying, analyzing, and mitigating threats to your organization's information assets. This quiz covers industry-standard frameworks and practical scenarios.

Download the Security Risk Assessment Awareness Quiz, open to your browser for a full-screen viewing experience.
security_risk_assessment_quiz.html
HTML document [30.5 KB]

ISO 27001 Risk Assessment Process

A risk analysis process to evaluate your risks against your risk threshold and to take corrective and preventive actions to mitigate those risks.

Risk Assessment Document Templates



Capability Maturity Model Integration (CMMI) to ISO 27002

Rating  CMM level      ISO 27002 level
0       Non-existent   Complete lack of a recognizable control
1       Initial        There is evidence that a security issue exists and needs to be addressed, but no control exists to tackle it
2       Repeatable     The security control is still in development, with limited documentation
3       Defined        The security control has been documented and communicated through training, but it is left to the individual to follow it
4       Managed        Compliance with the security control can be monitored and measured, but management of the control is not fully automated
5       Optimized      The security control has been refined to the level of the ISO code of practice, based on the results of continuous improvement
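As an added illustration of how a per-control maturity rating on the 0 to 5 scale above can be rolled up to category and domain level and turned into an as-is to to-be roadmap, the following Python is example code written for this page; it is not DISC's assessment tool or method. The sample ratings, the category labels and the roll-up rule (mean level for reporting plus the minimum level as a conservative "weakest control" score) are constructed assumptions; the only facts taken from the standard are the four ISO 27002:2022 themes, mapped here to the page's "domain" by clause number.

```python
from collections import defaultdict
from dataclasses import dataclass

# CMMI-style maturity scale from the rating table on the page (0..5).
MATURITY_LEVELS = {
    0: "Non-existent", 1: "Initial", 2: "Repeatable",
    3: "Defined", 4: "Managed", 5: "Optimized",
}

# ISO 27002:2022 groups controls into four themes by clause number.
# Assumption: the page's "domain" corresponds to these themes.
THEME_BY_CLAUSE = {5: "Organizational", 6: "People", 7: "Physical", 8: "Technological"}


@dataclass(frozen=True)
class ControlRating:
    control_id: str   # e.g. "A.8.9"
    name: str
    category: str     # constructed grouping used only for reporting
    as_is: int        # current maturity level, 0..5
    to_be: int        # target maturity level, 0..5

    def __post_init__(self):
        # Reject ratings outside the 5-level scale before they skew a roll-up.
        for level in (self.as_is, self.to_be):
            if level not in MATURITY_LEVELS:
                raise ValueError(f"{self.control_id}: level {level} is outside the 0..5 scale")

    @property
    def domain(self) -> str:
        clause = int(self.control_id.split(".")[1])
        return THEME_BY_CLAUSE[clause]

    @property
    def gap(self) -> int:
        # Only a shortfall counts; exceeding the target is not a gap.
        return max(0, self.to_be - self.as_is)


# Constructed sample ratings for six of the new ISO 27002:2022 controls listed on the page.
SAMPLE_RATINGS = [
    ControlRating("A.5.7", "Threat intelligence", "Threat management", 1, 3),
    ControlRating("A.5.23", "Information security for the use of cloud services", "Cloud", 2, 4),
    ControlRating("A.8.9", "Configuration management", "Secure configuration", 3, 4),
    ControlRating("A.8.10", "Information deletion", "Data protection", 4, 4),
    ControlRating("A.8.11", "Data masking", "Data protection", 0, 3),
    ControlRating("A.8.12", "Data leakage prevention", "Data protection", 2, 4),
]


def rollup(ratings, key):
    """Roll per-control ratings up to a grouping chosen by `key` (category or domain).

    mean_as_is: average level for trend reporting.
    min_as_is:  the weakest control in the group; one immature control
                undermines the whole category, so this is the conservative score.
    total_gap:  sum of per-control shortfalls, i.e. the roadmap workload.
    """
    groups = defaultdict(list)
    for rating in ratings:
        groups[key(rating)].append(rating)
    summary = {}
    for group, members in sorted(groups.items()):
        summary[group] = {
            "mean_as_is": round(sum(r.as_is for r in members) / len(members), 2),
            "min_as_is": min(r.as_is for r in members),
            "total_gap": sum(r.gap for r in members),
        }
    return summary


def _numeric_id(control_id: str):
    # "A.8.12" -> (8, 12) so controls sort by clause and number, not as strings.
    return tuple(int(part) for part in control_id.split(".")[1:])


def roadmap(ratings):
    """Controls still below target, largest gap first, as (id, name, as-is, to-be, gap)."""
    open_items = [r for r in ratings if r.gap > 0]
    open_items.sort(key=lambda r: (-r.gap, _numeric_id(r.control_id)))
    return [(r.control_id, r.name, MATURITY_LEVELS[r.as_is], MATURITY_LEVELS[r.to_be], r.gap)
            for r in open_items]


if __name__ == "__main__":
    for label, key in (("category", lambda r: r.category), ("domain", lambda r: r.domain)):
        print(f"Roll-up by {label}:")
        for group, stats in rollup(SAMPLE_RATINGS, key).items():
            print(f"  {group:<22} mean={stats['mean_as_is']:<5} min={stats['min_as_is']} gap={stats['total_gap']}")
    print("Transition roadmap (largest gap first):")
    for control_id, name, as_is, to_be, gap in roadmap(SAMPLE_RATINGS):
        print(f"  {control_id:<7} {name:<50} {as_is} -> {to_be} (gap {gap})")
```

Reporting the minimum alongside the mean matters in practice: in the constructed data the "Data protection" category averages level 2 but contains a level-0 control, which the mean alone would hide.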

© DISC InfoSec | Securing 2025 and Beyond