ISO 27002 INTRODUCTION

Information technology – Security techniques – Code of practice for information security controls (ISO/IEC 27002) is an information security standard issued by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

Description

Shell donated a corporate security standard to a UK government project in the early 1990s, which became the basis for the ISO/IEC 27000 set of standards. In the mid-1990s, the Shell standard became British Standard BS 7799, which was later adopted as ISO/IEC 17799 in 2000. In 2005, the ISO/IEC specification was revised, and in 2007, it was renamed ISO/IEC 27002 to fit the other ISO/IEC 27000-series specifications.
ISO/IEC 27002 specifies best practices for information security controls for those in charge of developing, enforcing, or managing information security management systems (ISMS). The standard specifies information protection in the context of the CIA triad: the protection of confidentiality (ensuring that information is only available to those who are allowed to see it), integrity (ensuring that information and processing methods are accurate and complete), and availability (ensuring that authorized users have access to information and associated assets when required).
ISO/IEC 27002 is an advisory standard that can be interpreted and applied to entities of all types and sizes, based on the unique information security threats they face. In practice, this versatility gives users a lot of leeway in implementing information security measures that make sense to them, but it makes the standard unsuitable for relatively simple compliance testing.
The ISO/IEC 27001:2013 standard (Information technology – Security techniques – Information security management systems – Requirements) is a generally accepted certification standard. ISO/IEC 27001 lays out a range of specific requirements for creating, adopting, sustaining, and enhancing an ISMS, as well as a set of information security controls in Annex A that organizations are encouraged to adopt within their ISMS, as needed. The controls in Annex A are based on ISO/IEC 27002 and are compatible with it.
