Exam focus
Control attributes are optional metadata for analysis and mapping. They do not replace risk assessment, control selection, or the SoA.
Topic Summary
ISO/IEC 27002 attributes help categorize controls by properties such as control type, information security properties, cybersecurity concepts, operational capabilities, and security domains.
Key Concepts
- Attributes support control selection and review.
- Attributes help identify imbalance or over-protection.
- Attributes can help map to other frameworks.
- Attributes are not certification requirements by themselves.
Common Exam Traps
- Saying attributes are mandatory ISO/IEC 27001 requirements.
- Saying attributes replace the Statement of Applicability.
- Choosing cost reduction as the main purpose.
Related Notes
- Iso27002
- Exam
Note Metadata
Source: 09-Exam-Preparation/EXAM-003-ISO27002-Control-Attributes.md