Achieve ISO 27002 Compliance with Enterprise Compliance Management Solution

ISO/IEC 27002 is a code of practice for information security published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Originally a code of practice published by the UK government, it later evolved into a BSI standard (BS7799). When ISO/IEC adopted the British Standard, it became ISO/IEC 17799:2000. Revised in 2005 (ISO 17799:2005), it was renumbered (but otherwise unchanged) in 2007 (ISO 27002:2007) to align with the other ISO/IEC 27000-series standards.

Titled ‘Information technology – Security techniques – Code of practice for information security management’, it provides best-practice recommendations on information security management for enterprises that need to set up a comprehensive information security management program or enhance their current information security practices. Though ISO/IEC recommends that enterprises consider each of the security practices, it is not compulsory for every enterprise to implement every practice. Organizations need to implement only those practices that meet their requirements or address their information security risks.

The ISO 27002 standard provides “guidelines and general principles for initiating, implementing, maintaining, and improving information security management within an organization.” The objective of the ISO/IEC 27002 standard is to develop “organizational security standards and effective security management practices and to help build confidence in inter-organizational activities”.

The ISO/IEC 27002 standard contains the following twelve main sections:

  1. Risk Assessment
  2. Security Policy – management direction
  3. Organization of Information Security – governance of information security
  4. Asset Management – inventory and classification of information assets
  5. Human Resources Security – security aspects for employees joining, moving within and leaving an organization
  6. Physical and Environmental Security – protection of the computer facilities
  7. Communications and Operations Management – management of technical security controls in systems and networks
  8. Access Control – restriction of access rights to networks, systems, applications, functions and data
  9. Information Systems Acquisition, Development and Maintenance – building security into applications
  10. Information Security Incident Management – anticipating and responding appropriately to information security breaches
  11. Business Continuity Management – protecting, maintaining and recovering business-critical processes and systems
  12. Compliance – ensuring conformance with information security policies, standards, laws and regulations

Today most business transactions happen online, and data breaches are therefore incidents that enterprises face regularly. Hence, enterprises must not only implement effective data security measures but also demonstrate them to others. This can be achieved through ISO 27002 implementation.

ISO 27002 compliance helps enterprises prove that information security practices are stringently followed and that their information is secured in accordance with an internationally recognized standard. Hence, enterprises must deploy a compliance management solution that includes ready-to-use compliance control kits for ISO 27002, developed by security and compliance auditors in line with industry best practices.
