ISO/IEC 27002

The ISO 27002 standard was originally published as a rename of the existing ISO 17799 standard, a code of practice for information security. It outlines hundreds of potential controls and control mechanisms, which may be implemented, in theory, subject to the guidance provided within ISO 27001.

The standard “established guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization”. The actual controls listed in the standard are intended to address the specific requirements identified via a formal risk assessment. The standard is also intended to provide a guide for the development of “organizational security standards and effective security management practices and to help build confidence in inter-organizational activities”.
The basis of the standard was originally a document published by the UK government, which became a standard ‘proper’ in 1995, when it was re-published by BSI as BS7799. In 2000 it was again re-published, this time by ISO, as ISO 17799. A new version of this appeared in 2005, along with a new publication, ISO 27001. These two documents are intended to be used together, with one complementing the other.
In 2013 the current version was published. ISO 27002:2013 contains 114 controls, as opposed to the 133 documented within the 2005 version. However, for additional granularity, these are presented in fourteen sections, rather than the original eleven.