ISO/IEC 27002: Information Security - Code of Practice

Just to let you know, we are no longer updating this section.
This is retained as a resource but nothing new has been added since late 2009. No further additions will be made by the DCC.

Date added 11 August 2009
Last edited 4 November 2009

Full Title

ISO/IEC 27002: Information Technology - Security Techniques - Information Security Management Systems - Code of Practice for Information Security Management

Description

ISO/IEC 27002 gives practical implementation guidance and further information for each of the controls identified in ISO/IEC 27001. It contains guidance on how to select appropriate controls for an implementation, including those essential for legislative compliance and those required for best practice.

Standards Developing Organisations

ISO
IEC

Rights

No information

Lifecycle Actions

Access, Use and Reuse
Store

Standard Framework

Digital Archive Standards

Standard Type

Security Standards

Current Version

Further Information

Alternative Current Versions

None.

Previous Version

2005 - ISO/IEC 17799: Information Technology - Security Techniques - Code of Practice for Information Security Management
Corrected by ISO/IEC 17799:2005/Cor.1:2007. The standard and the correction together are replaced by ISO/IEC 27002:2005.

Referenced Standards

IEEE P1363-2000: Standard Specifications For Public-Key Cryptography
ISO 10007:2003 Quality Management Systems - Guidelines for Configuration Management
ISO/IEC 11770-1:1996 Information Technology - Security Techniques - Key Management - Part 1: Framework
ISO/IEC 12207:1995 Information Technology - Software Life Cycle Processes
ISO/IEC 13335-1:2004, Information Technology - Security Techniques - Management of Information and Communications Technology Security - Part 1: Concepts and Models for Information and Communications Technology Security Management
ISO/IEC 13888-1:1997, Information Technology - Security Techniques - Non-repudiation - Part 1: General
ISO/IEC 9796-2:2002 Information Technology - Security Techniques - Digital Signature Schemes Giving Message Recovery - Part 2: Integer Factorization Based Mechanisms
ISO/IEC 9796-3:2000 Information Technology - Security Techniques - Digital Signature Schemes Giving Message Recovery - Part 3: Discrete Logarithm Based Mechanisms
ISO/IEC Guide 2:1996, Standardization and Related Activities - General Vocabulary
ISO/IEC Guide 73:2002, Risk Management - Vocabulary - Guidelines for use in Standards
ISO/IEC TR 13335-3:1998, Information Technology - Guidelines for the Management of IT Security - Part 3: Techniques for the Management of IT Security