The part of an organization's management system that deals with information security is called an Information Security Management System (ISMS). The most widely adopted ISMS standard is ISO 27001:2005. The 2005 version of the standard was updated in 2013 to provide more clarity and more freedom in implementation, based on practical experience. This paper compares ISO 27001:2005 and the updated 2013 standard, based on the Annex A controls. We classify the controls into five categories: data, hardware, software, people and network. All of the controls defined in Annex A, regardless of their objectives, can easily be allocated to at least one of these categories. Classifying the controls into known categories offers an integrated view of the updated standard and presents a suitable guide for evaluating its performance and efficiency.