ISO/IEC 27002: Information Security - Code of Practice
Date added 11 August 2009
Last edited 4 November 2009
Full Title
ISO/IEC 27002: Information Technology - Security Techniques - Information Security Management Systems - Code of Practice for Information Security Management
Description
ISO/IEC 27002 gives practical implementation guidance and further information for each of the controls identified in ISO/IEC 27001. It contains guidance on how to select appropriate controls for an implementation, including those essential for legislative compliance and those required for best practice.
Standards Developing Organisations
Rights
No information
Lifecycle Actions
- Access, Use and Reuse
- Store
Standard Framework
- Digital Archive Standards
Standard Type
- Security Standards
Current Version
- 2005 - ISO/IEC 27002:2005, Information Technology - Security Techniques - Information Security Management Systems - Code of Practice for Information Security Management
- Full text available for purchase from ISO.
Further Information
- Wikipedia entry for ISO/IEC 27002
Alternative Current Versions
None.
Previous Version
- 2005 - ISO/IEC 17799: Information Technology - Security Techniques - Code of Practice for Information Security Management
- Corrected by ISO/IEC 17799:2005/Cor.1:2007. The standard and the correction together are replaced by ISO/IEC 27002:2005.
Referenced Standards
- IEEE P1363-2000: Standard Specifications For Public-Key Cryptography
- ISO 10007:2003 Quality Management Systems - Guidelines for Configuration Management
- ISO/IEC 11770-1:1996 Information Technology - Security Techniques - Key Management - Part 1: Framework
- ISO/IEC 12207:1995 Information Technology - Software Life Cycle Processes
- ISO/IEC 13335-1:2004, Information Technology - Security Techniques - Management of Information and Communications Technology Security - Part 1: Concepts and Models for Information and Communications Technology Security Management
- ISO/IEC 13888-1:1997, Information Technology - Security Techniques - Non-repudiation - Part 1: General
- ISO/IEC 9796-2:2002 Information Technology - Security Techniques - Digital Signature Schemes Giving Message Recovery - Part 2: Integer Factorization Based Mechanisms
- ISO/IEC 9796-3:2000 Information Technology - Security Techniques - Digital Signature Schemes Giving Message Recovery - Part 3: Discrete Logarithm Based Mechanisms
- ISO/IEC Guide 2:1996, Standardization and Related Activities - General Vocabulary
- ISO/IEC Guide 73:2002, Risk Management - Vocabulary - Guidelines for use in Standards
- ISO/IEC TR 13335-3:1998, Information Technology - Guidelines for the Management of IT Security - Part 3: Techniques for the Management of IT Security