Glossary definition: ISO/IEC 27002 Security Policy

ISO/IEC 27002: A Comprehensive Security Policy Guide

ISO/IEC 27002 Security Policy is a set of guidelines, procedures, and best practices that organizations use to protect their information assets. It is based on a framework of security controls that are designed to reduce the risk of unauthorized access, use, disclosure, disruption, modification, or destruction of information. The security policy outlines the organization’s security objectives and identifies the security controls that will be used to achieve those objectives. The policy also defines the roles and responsibilities of personnel involved in the security process, and outlines the procedures for responding to security incidents. ISO/IEC 27002 Security Policy provides organizations with a comprehensive approach to information security management.