ISO 27002 CHECKLIST AND POLICY CODE

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information technology – Security techniques – Code of practice for information security controls.

ISO/IEC 27002 provides best practice recommendations on information security controls for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS).

The ISO/IEC 27000-series standards are descended from a corporate security standard donated by Shell to a UK government initiative in the early 1990s. The Shell standard was developed into British Standard BS 7799 in the mid-1990s, and was adopted as ISO/IEC 17799 in 2000. The ISO/IEC standard was revised in 2005, and renumbered ISO/IEC 27002 in 2007 to align with the other ISO/IEC 27000-series standards. Later, in 2015, ISO/IEC 27017 was created from that standard to suggest additional security controls for the cloud that were not completely defined in ISO/IEC 27002.

- Supplier relationships - Information security in supplier relationships and Supplier service delivery management.
- Information security incident management - Management of information security incidents and improvements.
- Information security aspects of business continuity management - Information security continuity and Redundancies.
- Compliance - Compliance with legal and contractual requirements and Information security reviews.

Within each chapter, information security controls and their objectives are specified and outlined. The information security controls are generally regarded as best practice means of achieving those objectives. For each of the controls, implementation guidance is provided. Specific controls are not mandated since:

- Each organization is expected to undertake a structured information security risk assessment process to determine its specific requirements before selecting controls that are appropriate to its particular circumstances. The introduction section outlines a risk assessment process, although there are more specific standards covering this area, such as ISO/IEC 27005. The use of information security risk analysis to drive the selection and implementation of information security controls is an important feature of the ISO/IEC 27000-series standards: it means that the generic good practice advice in this standard gets tailored to the specific context of each user organization, rather than being applied by rote. Not all of the 39 control objectives are necessarily relevant to every organization, for instance, hence entire categories of control may not be deemed necessary.
- The standards are also open ended in the sense that the information security controls are 'suggested', leaving the door open for users to adopt alternative controls if they wish, just so long as the key control objectives relating to the mitigation of information security risks are satisfied.