ISO/IEC 27002
ISO/IEC 27000 defines
an Information Security Management System (ISMS). It provides an overview
of and introduction to the entire ISO/IEC 27000 family of ISMS standards; and
provides a glossary or vocabulary of fundamental terms and definitions used
throughout the ISO/IEC 27000 family. The 'ISO/IEC 27000 series' is an
information security standard published by the International Organization for
Standardization (ISO) and the International Electrotechnical Commission (IEC).
ISO/IEC 27002 is part of the family of ISO/IEC ISMS standards.
It is entitled Information technology - Security techniques - Code of practice
for information security management. It was originally ISO/IEC 17799:2005 and
subsequently renumbered ISO/IEC 27002:2005 in July 2007, bringing it into line
with the other ISO/IEC 27000-series standards.
ISO/IEC 27002 provides best practice recommendations on
information security management for use by those who are responsible for
initiating, implementing or maintaining Information Security Management Systems
(ISMS). Information security is defined within the standard in the context of
CIA:
- Confidentiality: Ensuring that information is accessible
only to those authorised to have access
- Integrity: Safeguarding the accuracy and completeness of
information and processing methods
- Availability: Ensuring that authorised users have access
to information and associated assets when required
The ISO/IEC 27000 specification is available as a
FREE download from the ITTF site associated with ISO.
ISO27002 Mind Map