ISO 27002 provides best practice recommendations on information security controls for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). It provides 114 potential controls and control mechanisms designed to be implemented with the guidelines set by ISO 27001. These controls address risk management and security management issues. The standard is published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It details controls for categories including structure, security policies, organization of information security, human resources security, IT asset management, access control, cryptography, physical and environmental security, operations security, communications security, information systems acquisition, development and maintenance, supplier relationships, information security incident management, security issues for business continuity, and compliance.