ISO/IEC 27002

International Organization for Standardization / International Electrotechnical Commission 27002

Describes and structures a model of an Information Security Management System (ISMS) and the Information Security Program (ISP) that implements it

  • Defines asset management for the organization
  • Describes controls to maintain human resource, physical, environmental, and equipment security
  • Discusses communications and operations management
  • Specifies control objectives and controls for access control
  • Covers information systems acquisition, development, and maintenance
  • Addresses information security incident management and business continuity management
  • Discusses compliance with information security laws, standards, regulations, and policies

The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) publish the ISO/IEC 27002 standard, titled "Information Technology - Security Techniques - Code of Practice for Information Security Management". ISO/IEC 27002 is a renumbering of the standard previously published as ISO/IEC 17799:2005, carried out to bring it into alignment with the ISO/IEC 27000 series of standards. ISO/IEC 27002 is a code of practice: it provides guidance and recommended controls for creating, implementing, operating, maintaining, auditing, and enhancing an organization's Information Security Management System, while the auditable requirements for an ISMS are specified in the companion standard ISO/IEC 27001. Together, the two standards set out the best practices for the creation and maintenance of an effective ISMS.