UnixTime

Research Note

EXAM-003 - ISO 27002 Control Attributes

ISO/IEC 27002 attributes help categorize controls by properties such as control type, information security properties, cybersecurity concepts, operational capabilities, and secu...

On this page

Exam focus

Control attributes are optional metadata for analysis and mapping. They do not replace risk assessment, control selection, or the SoA.

Topic Summary

ISO/IEC 27002 attributes help categorize controls by properties such as control type, information security properties, cybersecurity concepts, operational capabilities, and security domains.

Key Concepts

  • Attributes support control selection and review.
  • Attributes help identify imbalance or over-protection.
  • Attributes can help map to other frameworks.
  • Attributes are not certification requirements by themselves.

Common Exam Traps

  • Saying attributes are mandatory ISO/IEC 27001 requirements.
  • Saying attributes replace the Statement of Applicability.
  • Choosing cost reduction as the main purpose.
  • Iso27002
  • Exam

Note Metadata

Source: 09-Exam-Preparation/EXAM-003-ISO27002-Control-Attributes.md