How many domains are there in ISO 27002?
How many domains are there in ISO 27002?
14
Published in October 2013, the latest version of ISO 27002 covers 14 security controls areas (numbered from 5 to 18), with implementation guidance and requirements for each specific control.
What are the main items that comprise ISO 27002?
What are the ISO 27001/ISO 27002 controls?
- A.5 Information security policies.
- 7 Human resource security.
- 9 Access control.
- 11 Physical and environmental security.
- 13 Communications security.
- 15 Supplier relationships.
- 17 Information security aspects of business continuity management.
What is the current version of ISO 27002?
IEC 27002:2013
ISO/IEC 27002:2013.
What does ISO 27002 do?
What is ISO 27002? ISO 27002 is a supplementary standard that focuses on the information security controls that organisations might choose to implement. These controls are listed in Annex A of ISO 27001, which is what you’ll often see information security experts refer to when discussing information security controls.
What is the difference between ISO 17799 and ISO 27001?
ISO 17799 provides best practice recommendations for initiating, implementing, or maintaining information security management systems. ISO 27001 is the first standard in a proposed series of information security standards which will be assigned numbers within the ISO 27000 series.
What is the ISO 27002 standard?
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information technology – Security techniques – Code of practice for information security controls.
What replaced ISO 17799?
ISO 27002
ISO 17799 is expected to be renamed ISO 27002 in 2007. In the works is ISO 27004 – Information Security Management Metrics and Measurement – currently in draft mode. ISO 27001 is the formal standard against which organizations may seek independent certification of their information security management systems.
What is the difference between ISO 27002 and ISO 27003?
If ISO 27001 went into as much detail as ISO 27002, it would be unnecessarily long and complicated. ISO 27002 is only one of these. For example, ISO 27003 covers ISMS implementation guidance and ISO 27004 covers the monitoring, measurement, analysis and evaluation of the ISMS.
What do you need to know about ISO 27002?
ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization’s information security risk environment(s). It is designed to be used by organizations that intend to:
When did the ISO 27002 security standard change?
The ISO/IEC standard was revised in 2005, and renumbered ISO/IEC 27002 in 2007 to align with the other ISO/IEC 27000-series standards. It was revised again in 2013. Later in 2015 the ISO/IEC 27017 was created from that standard in order to suggesting additional security controls for the cloud which were not completely defined in ISO/IEC 27002.
Is the ISO 27000 series populated with individual standards?
As with the above topics, the 27000 series will be populated with a range of individual standards and documents. A number of these are already well known, and indeed, have been published.
Which is the best annex for ISO 27002?
ISO/IEC 27001 Annex A summarizes the information security controls from ISO/IEC 27002 on the basis that they are generally applicable good practices, worth considering. However, organizations are free to implement whichever controls they feel are appropriate for their information risks, and may prefer entirely different control suites.