International Organization for Standardization / International Electrotechnical Commission 27002
Creates and structures models of an Information Security Management System (ISMS) and an Information Security Program (ISP)
- Defines asset management for the organization
- Examines controls to maintain human resource, physical, environmental, and equipment security
- Discusses communications and operational management
- Recommends access controls and describes how to apply them
- Defines information systems acquisition, development, and maintenance
- Covers information security incident management and business continuity management
- Discusses compliance with information security laws, standards, regulations, and policies
The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) jointly publish ISO/IEC 27002, titled Information technology - Security techniques - Code of practice for information security management. ISO/IEC 27002 is a renumbering of ISO/IEC 17799:2005, carried out in 2007 to bring the standard into alignment with the ISO/IEC 27000 series. ISO/IEC 27002 provides guidance and best practices for the controls used to create, implement, operate, maintain, audit, and improve an organization's Information Security Management System; it is a code of practice, not a certifiable set of requirements. The auditable requirements for an ISMS are specified separately in ISO/IEC 27001, which an organization is certified against, with ISO/IEC 27002 serving as the reference for selecting and implementing the controls that 27001 calls for.