ISO27002 / ISO 27002
ISO27002 is a code of practice for information security, officially titled "Information Technology - Security Techniques - Code of Practice for Information Security Management". It was formerly called ISO17799, having adopted the current name in July.
It details hundreds of specific security controls which may be applied to secure information and related assets. It comprises 115 pages organized over 15 major sections. These are as follows:
Introduction
Scope
Terms & Definitions
Structure
Risk Assessment
Policy
Organization of IS
Asset Management
HR Security
Physical & Environmental Security
Communications and Ops Management
Access Control
IS Acquisition, Development and Maintenance
Incident Management
BCM
Compliance
It was prepared by the Joint Technical Committee ISO/IEC JTC1 and this latest version was published in June. The renumbering of the standard, to ISO 27002, was undertaken to enable alignment with a new ISO 27000 numbering system for information security, specifically to underpin its relationship with ISO 27001.
ISO 27002 can be obtained standalone, with ISO 27001, or as part of the ISO 27000 Toolkit. In all three cases, the purchase and download can be performed via the links on our ISO 27002 PURCHASE PAGE.