Control 5.25 deals with an organisation’s ability to assess information security events and further categorise them as information security incidents, to be prioritised and dealt with as such by all relevant processes and personnel.
5.25 is a detective control that maintains risk by ensuring that information security events are correctly categorised and prioritised as information security incidents, based on event-specific variables.
Control Type | Information Security Properties | Cybersecurity Concepts | Operational Capabilities | Security Domains |
---|---|---|---|---|
#Detective | #Confidentiality #Integrity #Availability | #Detect #Respond | #Information Security Event Management | #Defence |
Incident Management, in broader terms, is usually applicable to service-related incidents. Given that Control 5.25 deals specifically with information security-related incidents and breaches, taking into account the highly sensitive nature of these events, ownership of Control 5.25 should ideally reside with a CISO, or organisational equivalent.
Given that CISOs are usually only seen within larger companies and enterprise-level organisations, ownership could also reside with the COO, or Service Manager, depending on the nature of the organisation.
Since migrating we’ve been able to reduce the time spent on administration.
Instead of listing specific guidance points, Control 5.25 discusses a qualitative approach to information security incident management that provides organisations with a broad operational scope:
27002:2022-5.25 replaces 27002:2013-16.1.4 (Assessment of and decision on information security events).
27002:2022-5.25 adheres to the same underlying operational principles as 27002:2013-16.1.4, with one small deviations.
27002:2013-16.1.4 refers to an information security incident response team (ISIRT) as being involved in the categorisation and escalation process. 27002:2022-5.25 makes reference to any staff members who are involved in analysing and resolving information security incidents.
In addition, 27002:2022-5.25 draws attention to the adequate categorisation of events, prior to escalation.
With ISMS.online, ISO 27002 implementation is simpler with our step-by-step checklist that guides you through the whole process, from defining the scope of your ISMS through risk identification and control implementation.
Get in touch today to book a demo.
We’ll give you an 81% headstart
from the moment you log in
Book your demo
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
5.7 | New | Threat intelligence |
5.23 | New | Information security for use of cloud services |
5.30 | New | ICT readiness for business continuity |
7.4 | New | Physical security monitoring |
8.9 | New | Configuration management |
8.10 | New | Information deletion |
8.11 | New | Data masking |
8.12 | New | Data leakage prevention |
8.16 | New | Monitoring activities |
8.23 | New | Web filtering |
8.28 | New | Secure coding |
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
6.1 | 07.1.1 | Screening |
6.2 | 07.1.2 | Terms and conditions of employment |
6.3 | 07.2.2 | Information security awareness, education and training |
6.4 | 07.2.3 | Disciplinary process |
6.5 | 07.3.1 | Responsibilities after termination or change of employment |
6.6 | 13.2.4 | Confidentiality or non-disclosure agreements |
6.7 | 06.2.2 | Remote working |
6.8 | 16.1.2, 16.1.3 | Information security event reporting |
ISO/IEC 27002:2022 Control Identifier | ISO/IEC 27002:2013 Control Identifier | Control Name |
---|---|---|
7.1 | 11.1.1 | Physical security perimeters |
7.2 | 11.1.2, 11.1.6 | Physical entry |
7.3 | 11.1.3 | Securing offices, rooms and facilities |
7.4 | New | Physical security monitoring |
7.5 | 11.1.4 | Protecting against physical and environmental threats |
7.6 | 11.1.5 | Working in secure areas |
7.7 | 11.2.9 | Clear desk and clear screen |
7.8 | 11.2.1 | Equipment siting and protection |
7.9 | 11.2.6 | Security of assets off-premises |
7.10 | 08.3.1, 08.3.2, 08.3.3, 11.2.5 | Storage media |
7.11 | 11.2.2 | Supporting utilities |
7.12 | 11.2.3 | Cabling security |
7.13 | 11.2.4 | Equipment maintenance |
7.14 | 11.2.7 | Secure disposal or re-use of equipment |