Each organization is expected to undertake a structured information security risk assessment process to determine its specific requirements before selecting controls that are appropriate to its particular circumstances.Specific controls are not mandated since: For each of the controls, implementation guidance is provided. The information security controls are generally regarded as best practice means of achieving those objectives.
Within each chapter, information security controls and their objectives are specified and outlined.
Compliance - Compliance with legal and contractual requirements and Information security reviews. Information security aspects of business continuity management - Information security continuity and Redundancies. Information security incident management - Management of information security incidents and improvements. Supplier relationships - Information security in supplier relationships and Supplier service delivery management. System acquisition, development and maintenance - Security requirements of information systems, Security in development and support processes and Test data. Communication security - Network security management and Information transfer. Operation Security- procedures and responsibilities, Protection from malware, Backup, Logging and monitoring, Control of operational software, Technical vulnerability management and Information systems audit coordination. The standard starts with 5 introductory chapters: 2.1 Physical and Environmental security. 2 Implementation example of ISO/IEC 27002. The preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required). Information security is defined within the standard in the context of the CIA triad: ISO/IEC 27002 provides best practice recommendations on information security controls for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). Later in 2015 the ISO/IEC 27017 was created from that standard in order to suggest additional security controls for the cloud which were not completely defined in ISO/IEC 27002. The ISO/IEC standard was revised in 2005, and renumbered ISO/IEC 27002 in 2007 to align with the other ISO/IEC 27000-series standards. The Shell standard was developed into British Standard BS 7799 in the mid-1990s, and was adopted as ISO/IEC 17799 in 2000. The ISO/IEC 27000-series standards are descended from a corporate security standard donated by Shell to a UK government initiative in the early 1990s. #Iso 27002 code#
ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information technology – Security techniques – Code of practice for information security controls.
JSTOR ( January 2013) ( Learn how and when to remove this template message).Unsourced material may be challenged and removed. Please help improve this article by adding citations to reliable sources. This article needs additional citations for verification.
0 kommentar(er)
