CHAPTER 7: OVERVIEW OF ISO/IEC 27002:2013
This Standard’s title is ‘Information technology – Security techniques – Code of practice for information security management’. Published in October 2013, it replaced the previous edition, ISO/IEC 27002:2005.
It is a code of practice, not a specification. It uses words like ‘should’ and ‘may’: it ‘may be regarded as a starting point for developing organisation-specific guidelines’.[1]
ISO27002 is more than twice as long as ISO27001, with 90 pages, 8 of which are introductory material. Some 78 pages deal, in detail, with information security controls. This standard has 18 clauses, as shown below:
• Foreword
0. Introduction
1. Scope
2. Normative references
3. Terms and definitions
4. Structure of this standard ...