Definition

ISO 27002 (International Organization for Standardization 27002)

The ISO 27002 standard is a collection of information security guidelines that are intended to help an organization implement, maintain, and improve its information security management.

ISO 27002 provides hundreds of potential controls and control mechanisms that are designed to be implemented with guidance provided within ISO 27001. The suggested controls listed in the standard are intended to address specific issues identified during a formal risk assessment. The standard is also intended to provide a guide for the development of security standards and effective security management practices.

ISO 27002 is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO 27002 was originally named ISO/IEC 1779, and published in 2000. It was updated in 2005, when it was accompanied by the newly published ISO 27001. The two standards are intended to be used together, with one complimenting the other. The standards are updated regularly to incorporate references to other ISO/IEC issued security standards such as ISO/IEC 27000 and ISO/IEC 27005, in addition to add information security best practices that emerged since previous publications. These include the selection, implementation and management of controls based on an organization's unique information security risk environment. 

The 2013 publication of ISO 27002 contains 114 controls, including those for:

  • Structure
  • Security policies
  • Organization of information security
  • Human resources security
  • IT asset management
  • Access control
  • Cryptography
  • Physical and environmental security
  • Operations security
  • Communications security
  • Information systems acquisition, development, maintenance
  • Supplier relationships
  • Information security incident management
  • Information security aspects of business continuity
  • Compliance

 

 

Contributor(s): Ben Cole
This was last updated in November 2013
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchCompliance.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: