ISO/IEC 27001/27002
International Organization for Standardization/International Electrotechnical Commission
Overview
ISO/IEC 27001, established in 2005, is an Information Security Management System standard that formally specifies a management system for bringing information security under explicit management control.
ISO/IEC 27002, established in 2005, is a best practice standard for Information Security. It consists of the following 12 main sections:
- Risk assessment
- Security policy – management direction
- Organization of information security – governance of information security
- Asset management – inventory and classification of information assets
- Human resources security – security aspects for employees joining, moving and leaving an organization
- Physical and environmental security – protection of the computer facilities
- Communications and operations management – management of technical security controls in systems and networks
- Access control – restriction of access rights to networks, systems, applications, functions and data
- Information systems acquisition, development and maintenance – building security into applications
- Information security incident management – anticipating and responding appropriately to information security breaches
- Business continuity management – protecting, maintaining and recovering business-critical processes and systems
- Compliance – ensuring conformance with information security policies, standards, laws and regulations
References
- International Organization for Standardization (ISO)
- International Electrotechnical Commission (IEC)
Industry
Any organization that wishes to demonstrate compliance with the standard
Free Consultation
Our clients trust us to keep their businesses secure. Let's discuss how we can do that for you too.Schedule Today