ISO 27002 began its life as a code of practice published by the UK government. This evolved into a BSI standard (BS 7799), which further evolved into an ISO standard (ISO 17799), which further evolved into ISO 27002! Well, not exactly 'evolved', because ISO 27002:2007 is basically just a rename of ISO 17799:2005.
The full title of this standard is: "Information technology. Security techniques. Code of practice for information security management". It contains the following sections:
• Foreword
• Introduction
• Scope
• Definitions
• Structure
• Risk Assessment/Treatment
• Security policy
• Organization of Information Security
• Asset Management
• Human Resources Security
• Physical and Environmental Security
• Communications and Operations Management
• Access Control
• Information Systems Acquisition, Development and Maintenance
• Information Security Incident Management
• Business Continuity Management
• Compliance
• Bibliography
Importantly, ISO 27002 is technology independent. It focuses upon the management aspects of information security, defining controls in a generic sense so that they are applicable across different applications, platforms, and technologies.
ISO 27002 is part of the ISO 27000 series of standards. The most closely related of these is ISO 27001, which is the specification for an ISMS (Information Security Management System).
Note that as ISO 27002 is a rename only, the major standards stores still appear to supply copies under the ISO 17799 name. This situation will change in the fullness of time.
BSI
British Standards Institute
BSI offers a direct download of the PDF version. It can be obtained from the:
Standards Direct Store
TOOLKIT
The ISO 27002 Toolkit
The standard is included with various support documents in the:
ISO 27002 Toolkit