ISO/IEC 27002 is an information security standard published by ISO and IEC. It is entitled Information technology - Security techniques - Code of practice for information security management. Until 2007, this standard was called ISO/IEC 17799. The standard was developed in 2005 on the basis of the ISO 17799 version published in 2000, which was a complete copy of the British Standard BS 7799-1:1999.
The standard provides best-practice guidance on information security management for those responsible for creating, implementing or maintaining information security management systems. The standard defines information security as the "preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required)".
The current version of the standard consists of the following main sections:
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
- Compliance
Links
- GOST R ISO/IEC 27002-2012 (ISO/IEC 27002:2005) - Code of practice for information security management.
- GOST R ISO/IEC 17799-2005 (ISO/IEC 17799:2000) - Code of practice for information security management. PDF version of the document.