ISO 27001

ISO 27001 is a standard that outlines the requirements for an information security management system (ISMS). It provides a framework for managing sensitive company information so that it remains secure.

ISO 27002

ISO 27002, on the other hand, is a code of practice for information security management. It provides guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.

In summary, ISO 27001 is a standard and ISO 27002 is a code of practice. ISO 27001 provides the requirements for an ISMS, while ISO 27002 provides guidelines for information security management.

ISO 27002 is a code of practice for information security management, providing a framework for managing sensitive company information so as to maintain its confidentiality, integrity, and availability.

ISO 27002 is divided into 14 sections, or clauses, each of which covers a different aspect of information security management. These sections are:

  1. Introduction: provides an overview of the standard and its purpose
  2. Scope: defines the boundaries of the information security management system
  3. Normative references: lists the other standards and documents that are referred to in the standard
  4. Terms and definitions: explains the key terms and concepts used in the standard
  5. Information security management system: describes the overall structure of the information security management system
  6. Management responsibility: details the responsibilities of management in relation to information security
  7. Internal organization: describes the structure and responsibilities of the organization in relation to information security
  8. Asset management: covers the management and protection of the organization’s information assets
  9. Human resources security: addresses the security aspects of managing human resources
  10. Physical and environmental security: covers the measures to protect the organization’s physical assets and the surrounding environment
  11. Communications and operations management: covers the management of the organization’s communications systems and the management of its information processing facilities
  12. Access control: covers the measures taken to ensure that only authorized individuals have access to the organization’s information
  13. Information systems acquisition, development, and maintenance: covers the security aspects of acquiring, developing, and maintaining information systems
  14. Information security incident management: covers the management of information security incidents

ISO 27002 is intended to be used in conjunction with other ISO 27000-series standards, such as ISO 27001, which provides a specific set of requirements for an information security management system. Together they provide a systematic approach to managing sensitive company information by establishing a framework of policies, procedures, standards, and guidelines.
