Skip to content

Glossary definition: ISO/IEC 27002

ISO/IEC 27002: Security Standards for Information Systems

ISO/IEC 27002 is an internationally recognized standard for information security management. It provides a comprehensive set of controls that organizations can use to protect their information assets. It is the successor to the original ISO/IEC 17799:2005 standard, which was the first international standard for information security management. ISO/IEC 27002 provides guidance on how organizations can manage the security of their information assets, including the selection, implementation, and monitoring of appropriate controls. It covers areas such as risk assessment, access control, asset management, physical and environmental security, cryptography, incident management, and business continuity. The standard is organized into 14 domains, each of which contains a set of control objectives and controls. The control objectives provide organizations with the framework they need to identify, assess, and manage their information security risks. The controls provide organizations with the specific security measures they need to put in place to protect their information assets. ISO/IEC 27002 is an important tool for organizations looking to protect their information assets and ensure compliance with applicable regulations and industry standards.