ISO27002 / ISO 27002
ISO27002 is a code of practice for information security, officially titled "Information Technology - Security Techniques - Code of Practice for Information Security Management". It was formerly called ISO17799, having adopted the current name in July 2007.
It details hundreds of specific security controls which may be applied to secure information and related assets. It comprises 115 pages organized over 15 major sections. These are as follows:
Terms & Definitions
Organization of IS
Physical & Environmental Security
Communications and Ops Management
IS Acquisition, Development and Maintenance
It was prepared by the Joint Technical Committee ISO/IEC JTC1 and this latest version was published in June 2005. The renumbering of the standard, to ISO 27002, was undertaken to enable alignment with a new ISO 27000 numbering system for information security, specifically to underpin its relationship with ISO 27001.
ISO 27002 can be obtained standalone, with ISO 27001, or as part of the ISO 27000 Toolkit. In all three cases, the purchase and download can be performed via the links on our ISO 27002 PURCHASE PAGE.