ISO 27002 2005*

Information Security Standard

PLAIN ENGLISH OVERVIEW

*ISO IEC 27002 2005 was formerly known as ISO IEC 17799 2005. However, nothing else has changed. The content is the same.

ISO 27002 is all-encompassing. It covers ALL kinds of information.

The ISO/IEC 27002 2005 standard consists of recommended
information security practices. These recommended
practices are found in sections 5 to 15. Therefore
the following material starts with section 5.

ISO 27002 (17799) Information Security by Praxiom Research

5. Security Policy Management
5.1 Establish a comprehensive information security policy
6. Corporate Security Management
6.1 Establish an internal security organization

6.2 Control external party use of your information
7. Organizational Asset Management
7.1 Establish responsibility for your organization's assets

7.2 Use an information classification system
8. Human Resource Security Management
8.1 Emphasize security prior to employment

8.2 Emphasize security during employment

8.3 Emphasize security at termination of employment
9. Physical and Environmental Security Management
9.1 Use secure areas to protect facilities

9.2 Protect your organization's equipment
10. Communications and Operations Management
10.1 Establish procedures and responsibilities

10.2 Control third party service delivery

10.3 Carry out future system planning activities

10.4 Protect against malicious and mobile code

10.5 Establish backup procedures

10.6 Protect computer networks

10.7 Control how media are handled

10.8 Protect exchange of information

10.9 Protect electronic commerce services

10.10 Monitor information processing facilities
11. Information Access Control Management
11.1 Control access to information

11.2 Manage user access rights

11.3 Encourage good access practices

11.4 Control access to network services

11.5 Control access to operating systems

11.6 Control access to applications and systems

11.7 Protect mobile and teleworking facilities
12. Systems Development and Maintenance
12.1 Identify information system security requirements

12.2 Make sure applications process information correctly

12.3 Use cryptographic controls to protect your information

12.4 Protect and control your organization's system files

12.5 Control development and support processes
13. Information Security Incident Management <<< SAMPLE PDF
13.1 Report information security events and weaknesses

13.2 Manage information security incidents and improvements
14. Business Continuity Management
14.1 Use continuity management to protect your information
15. Compliance Management
15.1 Comply with legal requirements

15.2 Perform security compliance reviews

15.3 Carry out controlled information system audits

* Check out a MORE DETAILED VERSION OF ISO 27002 2005 *

If you would like to have the complete plain English standard, including all
objectives, controls, implementation guidelines and notes, please consider
purchasing our Title 37: ISO/IEC 27002 2005 Translated into Plain English.

If you need a detailed and complete interpretation of
ISO IEC 27002 (17799), please consider purchasing our
Title 37: ISO IEC 27002 2005 Translated into Plain English.

Our plain English ISO 27002 standard is 263 pages long.
It includes all information security objectives, controls, implementation guidelines, and supporting notes.

Check out our Title 37 Table of Contents.
 Check our PricesPlace an Order.
 Check our License Agreement.

 Our Title 37 provides a detailed, accurate, and complete
interpretation of  ISO IEC 27002 2005. It uses language that
is clear, precise, and easy to understand. We guarantee it

ISO 27002 (17799) Information Security

OTHER ISO 27002 INFORMATION SECURITY WEB PAGES

Introduction to ISO 27002 (17799) Information Security Standard

ISO 27002 (17799) Security Standard Translated into Plain English

ISO 27001 27002 Plain English Security Management Definitions

Complete list of ISO 27002 (17799) Information Security Objectives

ISO 27002 (17799) Information Security Management Audit Tool
ISO 27001 INFORMATION SECURITY PAGES

Introduction to ISO 27001 Information Security

Comparison of ISO 27001 2005 and ISO 17799 2005

Overview of ISO 27001 2005 Information Security Standard

ISO 27001 2005 Information Security Standard in Plain English

ISO 27001 2005 Information Security Management Gap Analysis Tool
Home Page Our Libraries A to Z Index Our Customers
How to Order Our Products Our Prices Our Guarantee

PRAXIOM RESEARCH GROUP LIMITED
9619 - 100A Street, Edmonton, Alberta, T5K 0V7, Canada
Telephone: (780)461-4514 info@praxiom.com

Updated on October 25, 2008. On the Web since May 25, 1997.

Disclaimer and Limitation of Liability
The publisher and authors have used their best efforts in designing and
  developing this electronic publication. We make no representation or warranties
  with respect to accuracy or completeness of the contents of this publication and
  specifically disclaim any implied warranties or merchantability or fitness for any
  particular purpose and shall in no event be liable for any loss of profit or any
  other commercial damage, including but not limited to special, incidental,
  consequential, or other damages.

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies, or to copy and paste
 any of our material onto another web site.  If you would like to purchase our
 material, please contact our Sales Desk. Our staff would be very pleased to
 take your order or to answer any questions you might have.

Copyright © 2006-2008 by Praxiom Research Group Limited. All Rights Reserved.

ISO 27002 (17799 BS 7799) Information Security Standard