The Business Standards Encyclopedia: ISO 27002

ISO 27002

ISO 27002 began its life as a code of practice published by the UK government. This evolved into a BSI standard (BS7799), which further evolved into an ISO standard (ISO 17799), which in turn became ISO 27002. 'Evolved' is not quite the right word for the last step, because ISO 27002:2007 is basically just a rename of ISO 17799:2005.

ISO 27002 Contents

The full title of this standard is: "Information technology. Security techniques. Code of practice for information security management". It contains the following sections:

Risk Assessment/Treatment
Security Policy
Organization of Information Security
Asset Management
Human Resources Security
Physical and Environmental Security
Communications and Operations Management
Access Control
Information Systems Acquisition, Development and Maintenance
Information Security Incident Management
Business Continuity Management

Importantly, ISO 27002 is technology independent. It focuses on the management aspects of information security, defining controls in a generic sense so that they can be applied across different applications, platforms and technologies.

Related Standards

ISO 27002 is part of the ISO 27000 series of standards. The most closely related of these is ISO 27001, which is the specification for an ISMS (Information Security Management System).

Internet Sources

Note that, as ISO 27002 is a rename only, the major standards stores still appear to be supplying copies under the ISO 17799 name. This situation will change in the fullness of time.

British Standards Institute

BSI offer direct download of the PDF version. It can be obtained from the:
Standards Direct Store

The ISO 27002 Toolkit

The standard is included with various support documents in the:
ISO 27002 Toolkit

2007 (c) All rights reserved.