A cipher mode (mode of operation) determines how a block cipher is applied to data larger than a single block. Common modes are CBC (Cipher Block Chaining), GCM (Galois/Counter Mode), and CTR (Counter Mode).
In an ISMS context, the choice of cipher mode belongs to the cryptography policy under ISO 27001 Annex A control A.8.24. The differences are security-relevant: GCM provides authenticated encryption (confidentiality and integrity in one step), while CBC requires a separate integrity check (e.g., HMAC). ECB (Electronic Codebook) is considered insecure because identical plaintext blocks produce identical ciphertext blocks. For new implementations, BSI and NIST recommend GCM as the standard mode of operation for AES encryption.