ISO IEC 27002 2013 Information Security Control Objectives

Each subsection of ISO IEC 27002 starts with at least one information
security control objective. This page summarizes this useful material.

  5. Security Policy Management

5.1 Provide management direction and support

To provide management direction and
support for information security activities.

  6. Corporate Security Management

6.1 Establish an internal information security organization

To establish a framework to manage
information security within your organization.

6.2 Protect your organization's mobile devices and telework

To ensure the security of mobile devices and telework
(work done away from the office at home or elsewhere).

  7. Personnel Security Management

7.1 Emphasize security prior to employment

To ensure that prospective employees and
contractors are suitable for their future roles.

7.2 Emphasize security during employment

To ensure that employees and contractors
meet their information security responsibilities.

7.3 Emphasize security at termination of employment

To protect your organization's interests whenever
personnel terminations occur or responsibilities change.

  8. Organizational Asset Management

8.1 Establish responsibility for corporate assets

To protect assets associated with information
and information processing facilities.

8.2 Develop an information classification scheme

To provide an appropriate level of protection
for your organization's information.

8.3 Control how physical media are handled

To protect information by preventing unauthorized disclosure,
modification, removal, or destruction of storage media.

  9. Information Access Management

9.1 Respect business requirements

To control access to your organization's
information and information processing facilities.

9.2 Manage all user access rights

To ensure that only authorized users gain access
to your organization's systems and services.

9.3 Protect user authentication

To make your users accountable for safeguarding
their own secret authentication information.

9.4 Control access to systems

To prevent unauthorized access to your organization's
information, systems, and applications.

  10. Cryptography Policy Management

10.1 Control the use of cryptographic controls and keys

To use cryptography to protect the confidentiality,
authenticity, and integrity of information.

  11. Physical Security Management

11.1 Establish secure areas to protect assets

To prevent unauthorized physical access to
information and information processing facilities.

11.2 Protect your organization's equipment

To prevent the loss, theft, damage, or compromise of
equipment and the operational interruptions that can occur.

  12. Operational Security Management

12.1 Establish procedures and responsibilities

To ensure that information processing facilities
are operated correctly and securely.

12.2 Protect your organization from malware

To protect information and information
processing facilities against malware.

12.3 Make backup copies on a regular basis

To prevent the loss of data,
information, software, and systems.

12.4 Use logs to record security events

To record information security events
and collect suitable evidence.

12.5 Control your operational software

To protect the integrity of your
organization's operational systems.

12.6 Address your technical vulnerabilities

To prevent the exploitation
of technical vulnerabilities.

12.7 Minimize the impact of audit activities

To minimize the impact that audit activities
could have on systems and processes.

  13. Network Security Management

13.1 Protect networks and facilities

To protect information in networks and to safeguard
the information processing facilities that support them.

13.2 Protect information transfers

To protect information while it's being transferred both
within and between the organization and external entities.

  14. System Security Management

14.1 Make security an inherent part of information systems

To ensure that security is an integral part of information
systems and is maintained throughout the entire lifecycle.

14.2 Protect and control system development activities

To ensure that security is designed into information systems
and implemented throughout the development lifecycle.

14.3 Safeguard data used for system testing purposes

To protect and control the selection and use of data and
information when it is used for system testing purposes.

  15. Supplier Relationship Management

15.1 Establish security agreements with suppliers

To protect corporate information and
assets that are accessible by suppliers.

15.2 Manage supplier security and service delivery

To ensure that suppliers provide the
agreed upon level of service and security.

  16. Security Incident Management

16.1 Identify and respond to information security incidents

To ensure that information security incidents
are managed effectively and consistently.

  17. Security Continuity Management

17.1 Establish information security continuity controls

To make information security continuity an
integral part of business continuity management.

17.2 Build redundancies into information processing facilities

To ensure that information processing facilities
will be available during a disaster or crisis.

  18. Security Compliance Management

18.1 Comply with legal security requirements

To comply with legal, statutory, regulatory, and contractual
information security obligations and requirements.

18.2 Carry out security compliance reviews

To ensure that information security is implemented
and operated in accordance with policies and procedures.

Attention

If you would like to see the complete list of control objectives
in addition to all information security controls, implementation
guidelines, and supporting notes, please consider purchasing
Title 37: ISO IEC 27002 2013 Translated into Plain English.

Our Title 37 is detailed, accurate, and complete. It uses language
that is clear, precise, and easy to understand. We guarantee it.

Updated on April 21, 2014. First published on March 23, 2014.

Praxiom Research Group      780-461-4514      help@praxiom.com

Copyright © 2014 by Praxiom Research Group Limited. All Rights Reserved.