ISO/IEC 27002 is an international standard on security techniques that provides a code of practice for information security controls intended to improve the security of a company's data.
ISO/IEC 27002 specifies guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization’s information security risk environments.
ISO/IEC 27002 is designed to be used by organizations that intend to:
ISO/IEC 27002 on code of practice for information security controls is relevant to:
Information security controls are measures taken to reduce information security risks such as information systems breaches, data theft, and unauthorized changes to digital information or systems.
ISO/IEC 27002 is designed for organizations to use as a reference for selecting controls within the process of implementing an Information Security Management System (ISMS) or as a guidance document for organizations implementing commonly accepted information security controls.
ISO/IEC 27002 provides guidelines for the selection, implementation and management of controls, for use in developing industry- and organization-specific information security management that takes the organization's specific information security risk environment into consideration.
ISO/IEC 27002 supports information security through the implementation of a suitable set of controls, including policies, processes, procedures, organizational structures, and software and hardware functions. These controls are established, implemented, monitored, reviewed and, where necessary, improved to ensure that the organization's specific security and business objectives are met.
By complying with ISO/IEC 27002, you can take a holistic, coordinated view of the organization's information security risks and implement a comprehensive suite of information security controls under the overall framework of a coherent management system.
EN ISO/IEC 27002:2017