ISO/IEC 27002 - Code of Practice for Information Security Controls (CPISC)

Information Security Management

The ISO/IEC 27002 (ISO 27002) Standard was originally published as a rename of the existing ISO 17799 standard, a code of practice for information security. It basically outlines hundreds of potential controls and control mechanisms, which may be implemented, in theory, subject to the guidance provided within ISO 27001.

Organizations adopting Code of Practice for Information Security Controls (CPISC) assess their own information risks, clarify their control objectives and apply suitable controls using the standard for guidance.

Sections of ISO/IEC 27002 (ISO 27002)

• Section 0 : Introduction
• Section 1 : Scope
• Section 2 : Normative References
• Section 3 : Terms and Definitions
• Section 4 : Structure of this Standard
• Section 5 : Information Security Policies
• Section 6 : Organization of Information Security
• Section 7 : Human Resources Security
• Section 8 : Asset Management
• Section 9 : Access Control
• Section 10 : Cryptography
• Section 11 : Physical and Environmental Security
• Section 12 : Operations Security
• Section 13 : Communications Security
• Section 14 : Systems Acquisition, Development and Maintenance
• Section 15 : Supplier Relationships
• Section 16 : Information Security Incident Management
• Section 17 : Information Security Aspects of Business Continuity Management
• Section 18 : Compliance