DEVELOPMENT OF A METHODOLOGY FOR ASSESSING COMPLIANCE WITH ISO 27001 STANDARD

DOI:

https://doi.org/10.18372/2410-7840.25.17938

Keywords:

information security, cybersecurity, ISO 27001, information security framework, information security management system, gap assessment, gap analysis

Abstract

This article proposes a methodology for assessing an organization's compliance with the new version of the ISO 27001 standard, which was introduced at the end of 2022. The high significance of information security in the modern world requires companies to adapt their practices and policies to the new requirements of the standard. The authors analyze recent research on ISO 27001 implementation and the shortcomings of the available materials for compliance assessment. The methodology comprises analysing the requirements of the new standard, comparing them with the organization's current practices, identifying the gaps between the two, developing a plan for implementing the required changes, and monitoring compliance. The recommendations provided will help organizations make an effective transition to the new standard, minimize risks, and maintain a high level of information security. The methodology is a relevant tool for organizations seeking to adapt their practices and policies to the new version of ISO 27001 and to keep their information secure. It takes into account the unique needs of individual organizations and supports their successful implementation of new information security practices and requirements. The purpose of this article is to help readers understand the complexity and importance of conducting an initial gap assessment before implementing the standard, and to highlight the effectiveness of using a detailed checklist when performing a gap analysis. To support the study, a detailed analysis of the literature and articles on implementing the ISO 27001 standard in organizations was conducted.
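As an added illustration, not part of the article, the checklist-driven gap analysis described in the abstract expressed in Python: each checklist item records the assessed status of one Annex A control, and the functions compute a weighted compliance ratio, a per-theme breakdown, and the ordered gap list that feeds the remediation plan. Control identifiers and titles are those of ISO/IEC 27001:2022 Annex A; the statuses, risk ratings and scoring weights are constructed sample data, not taken from any real assessment.

```python
from dataclasses import dataclass

# Weight each checklist status contributes to the compliance ratio;
# None marks a control the organization has justified as not applicable.
STATUS_WEIGHT = {"implemented": 1.0, "partial": 0.5, "missing": 0.0, "not_applicable": None}


@dataclass
class ChecklistItem:
    control: str  # ISO/IEC 27001:2022 Annex A control identifier, e.g. "8.8"
    title: str
    status: str   # one of the STATUS_WEIGHT keys
    risk: int     # assessor's rating of the impact if the gap stays open: 1 (low) to 3 (high)


def compliance_score(items):
    """Fraction of applicable controls satisfied; partial controls count half. None if nothing applies."""
    applicable = [i for i in items if STATUS_WEIGHT[i.status] is not None]
    if not applicable:
        return None
    return sum(STATUS_WEIGHT[i.status] for i in applicable) / len(applicable)


def score_by_theme(items):
    """Compliance per Annex A theme: 5 organizational, 6 people, 7 physical, 8 technological."""
    themes = {}
    for item in items:
        themes.setdefault(item.control.split(".")[0], []).append(item)
    result = {}
    for theme, group in themes.items():
        score = compliance_score(group)
        result[theme] = None if score is None else round(score, 2)
    return result


def gap_report(items):
    """Open gaps ordered for the remediation plan: highest risk first, missing before partial."""
    gaps = [i for i in items if i.status in ("partial", "missing")]
    return sorted(gaps, key=lambda i: (-i.risk, i.status != "missing", [int(p) for p in i.control.split(".")]))


# Constructed sample checklist (statuses and risk ratings are illustrative only)
SAMPLE_CHECKLIST = [
    ChecklistItem("5.1", "Policies for information security", "implemented", 2),
    ChecklistItem("5.23", "Information security for use of cloud services", "missing", 3),
    ChecklistItem("6.3", "Information security awareness, education and training", "implemented", 2),
    ChecklistItem("7.4", "Physical security monitoring", "not_applicable", 1),
    ChecklistItem("8.8", "Management of technical vulnerabilities", "partial", 3),
    ChecklistItem("8.16", "Monitoring activities", "missing", 3),
    ChecklistItem("8.28", "Secure coding", "partial", 2),
]

if __name__ == "__main__":
    print(f"overall compliance: {compliance_score(SAMPLE_CHECKLIST):.0%}")
    print("by theme:", score_by_theme(SAMPLE_CHECKLIST))
    for gap in gap_report(SAMPLE_CHECKLIST):
        print(f"  gap {gap.control} ({gap.status}, risk {gap.risk}): {gap.title}")
```

Re-running the same checklist after each remediation step gives the monitoring signal the methodology calls for: the overall ratio and the gap list should shrink over time.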

Published

2023-10-19