This web page presents a Plain English overview of the new ISO IEC 27002 information security standard. For a more detailed version, please see ISO IEC 27002 2013 Translated into Plain English.
5. Security Policy Management
   5.1 Provide management direction and support

6. Corporate Security Management
   6.1 Establish an internal information security organization
   6.2 Protect your organization's mobile devices and telework

7. Personnel Security Management
   7.1 Emphasize security prior to employment
   7.2 Emphasize security during employment
   7.3 Emphasize security at termination of employment

8. Organizational Asset Management
   8.1 Establish responsibility for corporate assets
   8.2 Develop an information classification scheme
   8.3 Control how physical media are handled

9. Information Access Management
   9.1 Respect business requirements
   9.2 Manage all user access rights
   9.3 Protect user authentication
   9.4 Control access to systems

10. Cryptography Policy Management
   10.1 Control the use of cryptographic controls and keys

11. Physical Security Management
   11.1 Establish secure areas to protect assets
   11.2 Protect your organization's equipment

12. Operational Security Management
   12.1 Establish procedures and responsibilities
   12.2 Protect your organization from malware
   12.3 Make backup copies on a regular basis
   12.4 Use logs to record security events
   12.5 Control your operational software
   12.6 Address your technical vulnerabilities
   12.7 Minimize the impact of audit activities

13. Network Security Management
   13.1 Protect networks and facilities
   13.2 Protect information transfers

14. System Security Management
   14.1 Make security an inherent part of information systems
   14.2 Protect and control system development activities
   14.3 Safeguard data used for system testing purposes

15. Supplier Relationship Management
   15.1 Establish security agreements with suppliers
   15.2 Manage supplier security and service delivery

16. Security Incident Management
   16.1 Identify and respond to information security incidents

17. Security Continuity Management
   17.1 Establish information security continuity controls
   17.2 Build redundancies into information processing facilities

18. Security Compliance Management
   18.1 Comply with legal security requirements
   18.2 Carry out security compliance reviews
Updated on March 8, 2018. First published on March 21, 2014.
Praxiom Research Group Limited 780-461-4514 help@praxiom.com
Copyright © 2014 - 2019 by Praxiom Research Group Limited. All Rights Reserved.