ISO/IEC 27002:2022 - Information security, cybersecurity and privacy protection - Information security controls (third edition)

Abstract

“This document provides a reference set of generic information security controls including implementation guidance. This document is designed to be used by organisations:
(a) within the context of an information security management system (ISMS) based on ISO/IEC 27001
(b) for implementing information security controls based on internationally recognized best practices
(c) for developing organisation-specific information security management guidelines.”

Introduction

ISO/IEC 27002 is a popular international standard describing a generic selection of ‘good practice’ information security controls, typically used to mitigate unacceptable risks to the confidentiality, integrity and availability of information. Its lineage stretches back to BS 7799 in the mid-1990s. ISO/IEC 27002 is an advisory document, a recommendation rather than a formal specification such as ISO/IEC 27001.