ISO 27002 2005

PLAIN ENGLISH OVERVIEW

ISO IEC 27002 2005 was formerly known as ISO IEC 17799 2005.
However, nothing else has changed. The content is the same.

ISO 27002 lists information security recommendatations.
These recommendations are found in sections 5 to 15.
Therefore the following material starts with section 5.

5. Security Policy Management

5.1 Establish a comprehensive information security policy.

6. Corporate Security Management

6.1 Establish an internal security organization.

6.2 Control external party use of your information.

7. Organizational Asset Management

7.1 Establish responsibility for your organization's assets.

7.2 Use an information classification system.

8. Human Resource Security Management

8.1 Emphasize security prior to employment.

8.2 Emphasize security during employment.

8.3 Emphasize security at termination of employment.

9. Physical and Environmental Security Management

9.1 Use secure areas to protect facilities.

9.2 Protect your organization's equipment.

10. Communications and Operations Management

10.1 Establish procedures and responsibilities.

10.2 Control third party service delivery.

10.3 Carry out future system planning activities.

10.4 Protect against malicious and mobile code.

10.5 Establish backup procedures.

10.6 Protect computer networks.

10.7 Control how media are handled.

10.8 Protect exchange of information.

10.9 Protect electronic commerce services.

10.10 Monitor information processing facilities.

11. Information Access Control Management

11.1 Control access to information.

11.2 Manage user access rights.

11.3 Encourage good access practices.

11.4 Control access to network services.

11.5 Control access to operating systems.

11.6 Control access to applications and systems.

11.7 Protect mobile and teleworking facilities.

12. Information Systems Security Management

12.1 Identify information system security requirements.

12.2 Make sure applications process information correctly.

12.3 Use cryptographic controls to protect your information.

12.4 Protect and control your organization's system files.

12.5 Control development and support processes.

13. Information Security Incident Management  SAMPLE PDF

13.1 Report information security events and weaknesses.

13.2 Manage information security incidents and improvements.

14. Business Continuity Management

14.1 Use continuity management to protect your information.

15. Compliance Management

15.1 Comply with legal requirements.

15.2 Perform security compliance reviews.

15.3 Carry out controlled information system audits.

SEE A MORE DETAILED VERSION OF ISO 27002

OTHER ISO 27002 PAGES

Introduction to ISO 27002 (17799) Information Security

ISO 27002 (17799) Security Standard Translated into Plain English

Plain English Information Security Management Definitions

Information Security Management Control Objectives

Information Security Management Audit Tool

OUR ISO 27001 PAGES

Introduction to ISO 27001 Information Security

Comparison of ISO 27001 2005 and ISO 27002 2005

Information Security Management System Development Plan

ISO 27001 2005 Information Security Standard in Plain English

Information Security Management Gap Analysis Tool

Updated on July 18, 2012. First published on December 22, 2005.

Home Page

Our Libraries

A to Z Index

Our Customers

How to Order

Our Products

Our Prices

Our Guarantee

Praxiom Research Group Limited   780-461-4514   help@praxiom.com

Legal Restrictions on the Use of this Page
Thank you for visiting this page. You are, of course, welcome to view our
 material as often as you wish, free of charge. And as long as you keep intact
 all copyright notices, you are also welcome to print or make one copy of this
 page for your own personal, noncommercial, home use. But, you are not
 legally authorized to print or produce additional copies or to copy and paste
 any of our material onto another web site or to republish it in any way.

Copyright © 2005-2012 by Praxiom Research Group Limited. All Rights Reserved.

Praxiom Research