ISO 27001/27003 are recognized standards for a company's information security management system (ISMS). ISO 27001 describes the entire procedure, starting with the definition of the scope, through the development of rules, to the training of employees. Closely related to this standard is ISO 27002, which contains reference rules for information security, cybersecurity, data protection and implementation support.
 
The structure of the annex to ISO/IEC 27001/27002 has now been completely revised. Not only have the controls (measures) been reduced from 114 to 93, but the division into four chapters is also new. Particular attention has been paid to the adaptation to the current circumstances of IT and this has been included in the list of topics, for example the topic of T ...