ISO 27002 (Information technology, Security techniques, Code of practice for information security controls) is an international framework that provides guidance for organizational information security policies and information security management activities, including the identification, implementation and management of controls, taking into account the information security risk environment(s) of the enterprise.
ISO 27002 has been designed for organizations that plan to:
- Choose controls provided by ISO/IEC as part of implementing an information security management system
- Implement commonly accepted security controls on information assets
- Develop their own information security guidelines
ISO/IEC 27000, Information technology — Security techniques — Information security management systems — Overview and vocabulary.
Terms and Definitions - Refer to the definitions given in ISO 27000
Structure of ISO 27002
- 14 Security Clauses
- 35 Security Control Objectives
- 114 Security Controls
Each security clause contains one or more security control objectives. In this standard, the order of the clauses does not indicate their importance, and the list of clauses is not in priority order. Depending on the circumstances, security controls under any or all of the clauses may be relevant, so any company implementing this standard should define the applicable controls, the importance of those controls and their application to individual business processes.
Here at Infosavvy (Mumbai), we guide you to an in-depth understanding of these clauses, the various control objectives and the controls, and show you how to implement these controls correctly in the right business process. ISO 27002 is covered in the global certification IRCA CQI ISO 27001:2013 Lead Auditor (LA) and ISO 27001 Lead Implementer (LI) training (certified by TÜV SÜD).
Each security control objective includes:
- a control objective stating what is to be achieved;
- one or more controls that can be applied to achieve the control objective
Control descriptions are structured as follows:
- Control - Defines the specific control statement that aims to satisfy the control objective.
- Implementation Guidance - Provides more detailed information to support implementing the control and meeting the control objective. The guidance may not be entirely suitable or sufficient in all circumstances and may not satisfy the company's specific control requirements.
- Other Information - Provides additional information that may need to be considered, such as legal considerations and references to other requirements.
Note - This part is not shown if there is no other information to be given.
Questions related to this topic
1. Is ISO/IEC 27001 the standard on information technology, security techniques and Information Security Management System requirements?
2. How many controls are there in ISO 27001?
3. What are the controls in ISO 27001?
4. What are the 14 domains of ISO 27001?
5. Explain ISO 27002 (Information technology, Security techniques, Code of practice for information security controls).