Martha Njeri’s Post

Data Protection and Privacy Expert || Cybersecurity GRC || Information Security Governance || ICT Risk and Governance|| AI Security and Governance || Certified in Cybersecurity - ISC2||

ISO 27002 - Information Security Controls Gap Assessment.

ISO 27002 provides a reference set of information security, cyber security and privacy protection controls. Generally it gives guidance on implementing an ISO 27001 ISMS.

As a sequel to yesterday's post, where I mentioned Gap Assessments in regards to Data Protection compliance, let's delve further into gap assessments.

A Gap Assessment is carried out to analyze the technology, people and processes against the requirements of the Data Protection Act (DPA), Data Protection (General) Regulations and global best practice ISO Standards.

For now, let's focus on an ISO 27002 Gap Assessment. Remember, ISO 27002 guides the implementation of ISO 27001.

Key Focus areas:

  • Information Security and Privacy Policies
  • Organization of information security and Privacy
  • Human Resource Security
  • Asset Management
  • Access Controls
  • Cryptography
  • Physical and Environmental Security
  • Operations security
  • Communications security
  • System acquisition, development and maintenance
  • Supplier relationship
  • Information security and Privacy incident management
  • Information security and privacy aspects of business continuity
  • Compliance with legal, statutory, regulatory and contractual obligations

#privacymanagement #dataprotection #dataprivacy #ISO27002 #Privacy #cyberecurity
