ISO IEC 27002 2013 Overview of Information Security Standard

This web page presents a Plain English overview of the new
ISO IEC 27002 information security standard. For a more detailed
version, please see ISO IEC 27002 2013 Translated into Plain English.

Overview of ISO 27002 Information Security Standard

5. Security Policy Management

5.1 Provide management direction and support

6. Corporate Security Management

6.1 Establish an internal information security organization

6.2 Protect your organization's mobile devices and telework

7. Personnel Security Management

7.1 Emphasize security prior to employment

7.2 Emphasize security during employment

7.3 Emphasize security at termination of employment

8. Organizational Asset Management   DETAILED PDF SAMPLE

8.1 Establish responsibility for corporate assets

8.2 Develop an information classification scheme

8.3 Control how physical media are handled

9. Information Access Management

9.1 Respect business requirements

9.2 Manage all user access rights

9.3 Protect user authentication

9.4 Control access to systems

10. Cryptography Policy Management

10.1 Control the use of cryptographic controls and keys

11. Physical Security Management

11.1 Establish secure areas to protect assets

11.2 Protect your organization's equipment

12. Operational Security Management

12.1 Establish procedures and responsibilities

12.2 Protect your organization from malware

12.3 Make backup copies on a regular basis

12.4 Use logs to record security events

12.5 Control your operational software

12.6 Address your technical vulnerabilities

12.7 Minimize the impact of audit activities

13. Network Security Management  

13.1 Protect networks and facilities

13.2 Protect information transfers

14. System Security Management

14.1 Make security an inherent part of information systems

14.2 Protect and control system development activities

14.3 Safeguard data used for system testing purposes

15. Supplier Relationship Management

15.1 Establish security agreements with suppliers

15.2 Manage supplier security and service delivery

16. Security Incident Management

16.1 Identify and respond to information security incidents

17. Security Continuity Management

17.1 Establish information security continuity controls

17.2 Build redundancies into information processing facilities

18. Security Compliance Management

18.1 Comply with legal security requirements

18.2 Carry out security compliance reviews



Introduction to ISO IEC 27002

How to Use ISO IEC 27002 Standard

Information Security Control Objectives

ISO IEC 27002 Translated into Plain English

Plain English Information Security Audit Tool

Plain English ISO IEC 27002 2013 Checklist

ISO IEC 27002 2013 vs ISO IEC 27002 2005

ISO IEC 27000 Definitions in Plain English

OUR ISO 27001 2013 PAGES

Introduction to ISO IEC 27001 2013

Plain English Outline of ISO IEC 27001 2013

Plain English Overview of ISO IEC 27001 2013

ISO IEC 27001 2013 versus ISO IEC 27001 2005

ISO IEC 27001 2013 Translated into Plain English

Overview of ISO IEC 27001 2013 Annex A Controls

Updated on March 8, 2018. First published on March 21, 2014.

Home Page

Our Libraries

A to Z Index

Our Customers

How to Order

Our Products

Our Prices

Our Guarantee

Praxiom Research Group Limited   780-461-4514

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright 2014 - 2019 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research