ISO IEC 27002 2005 TRANSLATED INTO PLAIN ENGLISH

ISO IEC 27002 2005 is now OBSOLETE. Please see ISO IEC 27002 2013.

5.1 Establish
    5.1.1 Develop an information
    5.1.2 Review your information

6.1 Establish an
    6.1.1 Make an active commitment
    6.1.2 Coordinate information
    6.1.3 Allocate information security
    6.1.4 Establish an authorization
    6.1.5 Use confidentiality agreements
    6.1.6 Maintain relationships
    6.1.7 Maintain relationships with
    6.1.8 Perform independent

6.2 Control external
    6.2.1 Identify risks related to
    6.2.2 Address security before
    6.2.3 Address security using

7.1 Establish
    7.1.1 Compile an inventory
    7.1.2 Select owners for your
    7.1.3 Establish acceptable-use rules

7.2 Use an
    7.2.1 Develop information
    7.2.2 Use information handling

8.1 Emphasize
    8.1.1 Define all security roles
    8.1.2 Verify the backgrounds
    8.1.3 Use contracts to protect

8.2 Emphasize
    8.2.1 Expect your managers
    8.2.2 Deliver relevant information
    8.2.3 Set up an official disciplinary

8.3 Emphasize
    8.3.1 Assign responsibility for
    8.3.2 Make sure that assets are
    8.3.3 Remove information access

9.1 Use security
    9.1.1 Use physical security
    9.1.2 Use physical entry controls
    9.1.3 Secure your organization's
    9.1.4 Protect your facilities from
    9.1.5 Use work guidelines to
    9.1.6 Isolate and control

9.2 Protect
    9.2.1 Use equipment siting
    9.2.2 Make sure that supporting
    9.2.3 Secure all power and
    9.2.4 Maintain your equipment.
    9.2.5 Protect off-site equipment.
    9.2.6 Control disposal and re-use.
    9.2.7 Control use of assets off-site.

10.1 Establish
    10.1.1 Document all of your
    10.1.2 Control changes to
    10.1.3 Segregate all duties
    10.1.4 Separate development

10.2 Control third
    10.2.1 Manage third party
    10.2.2 Monitor third party
    10.2.3 Control changes to

10.3 Carry out
    10.3.1 Monitor usage and carry
    10.3.2 Use acceptance criteria

10.4 Protect
    10.4.1 Establish controls to
    10.4.2 Control the use of

10.5 Establish your
    10.5.1 Backup your information

10.6 Protect your
    10.6.1 Establish network
    10.6.2 Control network

10.7 Control
    10.7.1 Manage removable media.
    10.7.2 Manage the disposal of
    10.7.3 Control information
    10.7.4 Protect your system

10.8 Protect
    10.8.1 Establish information exchange
    10.8.2 Establish information and
    10.8.3 Safeguard the transportation
    10.8.4 Protect your electronic
    10.8.5 Protect interconnected

10.9 Protect
    10.9.1 Protect information that
    10.9.2 Protect your on-line
    10.9.3 Protect all information

10.10 Monitor
    10.10.1 Establish audit logs.
    10.10.2 Monitor information
    10.10.3 Protect logging facilities
    10.10.4 Log system administrator
    10.10.5 Log information processing
    10.10.6 Synchronize your

11.1 Control access
    11.1.1 Develop a policy to control

11.2 Manage user
    11.2.1 Establish a user access
    11.2.2 Control the management
    11.2.3 Establish a process to
    11.2.4 Review user access

11.3 Encourage
    11.3.1 Expect users to protect
    11.3.2 Expect users to protect
    11.3.3 Establish a clear-desk

11.4 Control access
    11.4.1 Formulate a policy on
    11.4.2 Authenticate remote
    11.4.3 Use automatic equipment
    11.4.4 Control access to diagnostic
    11.4.5 Use segregation methods
    11.4.6 Restrict connection
    11.4.7 Establish network

11.5 Control access
    11.5.1 Establish secure
    11.5.2 Identify and authenticate
    11.5.3 Establish a password
    11.5.4 Control the use of
    11.5.5 Use session time-outs
    11.5.6 Restrict connection times

11.6 Control access
    11.6.1 Restrict access by users
    11.6.2 Isolate all sensitive

11.7 Protect mobile
    11.7.1 Protect mobile computing
    11.7.2 Protect and control all

12.1 Identify
    12.1.1 Identify security controls

12.2 Make sure
    12.2.1 Validate data input
    12.2.2 Protect message integrity
    12.2.3 Validate output data.

12.3 Use
    12.3.1 Implement a policy on use
    12.3.2 Establish a secure key

12.4 Protect
    12.4.1 Control the installation
    12.4.2 Control the use of system
    12.4.3 Control access to

12.5 Control
    12.5.1 Establish formal change
    12.5.2 Review applications after
    12.5.3 Restrict changes to
    12.5.4 Prevent information
    12.5.5 Control outsourced

12.6 Control
    12.6.1 Control your technical

13. Information Security Incident Management

13.1 Report
    13.1.1 Report information security
    13.1.2 Report security weaknesses

13.2 Manage
    13.2.1 Establish incident response
    13.2.2 Learn from information
    13.2.3 Collect evidence to

14.1 Use continuity
    14.1.1 Establish a business continuity
    14.1.2 Identify the events that
    14.1.3 Develop and implement
    14.1.4 Establish business continuity
    14.1.5 Test and update your

15.1 Comply with
    15.1.1 Identify all relevant
    15.1.2 Protect your records.
    15.1.3 Protect the privacy of
    15.1.4 Prevent misuse of data
    15.1.5 Control the use of

15.2 Perform
    15.2.1 Review compliance with
    15.2.2 Review technical

15.3 Carry
    15.3.1 Control the audit of
    15.3.2 Protect information

ISO IEC 17799 2005 is now obsolete. It was replaced by ISO IEC 27002 2013.

RELATED RESOURCES: ISO 31000 Risk Management Library

Praxiom Research Group Limited, help@praxiom.com, 780-461-4514

Updated on May 3, 2014. First published on December 22, 2005.

Legal Restrictions on the Use of this Page
Copyright © 2006 - 2014 by Praxiom Research Group Limited. All Rights Reserved.