ISO 27002 is derived from BS 7799 Part 1, which it superseded (formerly called ISO 17799).
ISO 27002 is the 'Code of Practice for Information Security Management' and is a management guide to the implementation of adequate security in an organisation.
It is a checklist of controls within the eleven clauses and explains or gives further guidance on them. It is used to advise the implementer of how and why the controls are implemented and gives some guidance on how they are to be implemented.
ISO 27002 does not set the 'need' for security but provides a 'shopping list' of components that can be installed.
No comments:
Post a Comment