Thursday, 3 December 2015

WHAT IS ISO/IEC 27002:2013

According to the ISO/IEC 27000 series, ISO/IEC 27002 is an international standard that provides a list of commonly accepted control objectives and best-practice controls, to be used as an implementation guide when selecting and implementing controls to achieve information security.

This standard gives guidelines on how to select, implement and manage controls, taking into account the organization's information security risk environment.

ISO/IEC 27001 uses the ISO/IEC 27002 code of practice to indicate suitable information security controls within an ISMS, but since ISO/IEC 27002 is merely a set of guidelines, an organization is free to select and adopt any suitable security controls.

This standard consists of 14 security clauses, 35 domains and 114 controls.

Treating ISO/IEC 27002 as a generic controls checklist, a menu from which organizations select their own set of controls rather than mandating specific ones, is what makes the standard broadly applicable even as technology and security risks have changed, and it gives users tremendous flexibility in implementation. Currently there is no formal compliance certification against ISO/IEC 27002.

WATCH A VIDEO ABOUT THIS TOPIC ON YOUTUBE: https://youtu.be/xGRoITYNjaU