ISO 27001 Controls Handbook

The international standard ISO/IEC 27001:2022 contains requirements for setting up and maintaining an information security management system (ISMS). It also contains an Annex A with 93 controls. ISO 27001 Controls Handbook (440 pages) is about those 93 controls. The wording of the 93 controls is often difficult to understand. Studying the normative texts and searching for their meaning sometimes leads to more questions than answers. Why are the controls so general and vague? The ISO/IEC 27001 standard is intended “to be applicable to all organizations, regardless of type, size or nature”. This also applies to the 93 controls mentioned in the Standard: they are intended for all types of organizations, in all countries of the world. This handbook explains what the 93 controls of the ISO/IEC 27001 standard are about. Once you understand the idea and scope of a control, you can implement them in a way that suits the information security risks of your organization. This book bridges the world of ISO/IEC 27001 and the real world, introduces you to topics that may be of interest to explore further, and discusses connections with the GDPR (EU).