ISO IEC 27001 vs ISO IEC 27002*

* ISO IEC 27002 2005 was previously known as ISO IEC 17799 2005

ISO 27001 is an information security management standard. Its purpose is to help organizations establish and maintain an Information Security Management System (ISMS). It defines the set of requirements that must be met if you want your ISMS to be formally certified.

ISO 27001 is also an ISMS development methodology. It explains how to create, operate, monitor, review and improve an ISMS. However, it does not describe in detail the security practices that make up an ISMS. That is what ISO 27002 2005 is all about.

ISO 27002 (17799) lists the building blocks that combine to make up an ISMS. It presents a detailed catalogue of generally accepted information security management practices. ISO 27001 asks you to select only those practices that address your own security risks and requirements.

The information security management practices that make up ISO 27002 are organized in the following way:

  1. Security Objectives (for ISO 27001)

  2. Security Controls (for ISO 27001)

  3. Implementation Guidance

  4. Other Information

ISO 27001 asks you to select the Security Objectives and Security Controls (1 and 2 above) that address your unique security risks and requirements, and then to use this information to prepare what ISO calls a Statement of Applicability. The Statement of Applicability records which objectives and controls you have selected, and it must also justify any that you have excluded. It is, in turn, used to prepare a detailed Risk Treatment Plan. Once you have implemented this Plan, you have established an ISMS, one that meets your organization's unique information security needs and requirements.

Fortunately, the ISO 27002 (17799) Security Objectives and Security Controls are reproduced in Annex A of the ISO 27001 standard (and in our Title 35), so you do not have to purchase ISO 27002 (17799) in order to build your ISMS. However, if you also want the additional detailed implementation guidance (item 3 above) and other related information (item 4), you will have to purchase ISO 27002 (17799) or our Title 37.

CONTACT INFORMATION

Praxiom Research Group Limited
9619 - 100A Street, Edmonton,
Alberta, Canada, T5K 0V7
Phone: (780)461-4514
Fax: (780)463-6034

info@praxiom.com

Updated April 5, 2008


Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our material as often as you wish, free of charge. And as long as you keep intact all copyright notices, you are also welcome to print or make one copy of this page for your own personal, noncommercial, home use. But you are not legally authorized to print or produce additional copies, or to copy and paste any of our material onto another web site. If you would like to purchase our material, please contact our Sales Desk. Our staff would be very pleased to take your order or to answer any questions you might have.

Copyright © 2006 - 2008 by Praxiom Research Group Limited. All Rights Reserved.

Disclaimer and Limitation of Liability
The publisher and authors have used their best efforts in designing and developing this electronic publication. We make no representation or warranties with respect to the accuracy or completeness of the contents of this publication and specifically disclaim any implied warranties of merchantability or fitness for any particular purpose, and shall in no event be liable for any loss of profit or any other commercial damage, including but not limited to special, incidental, consequential, or other damages.