What is the relationship between ISO 27001 and ISO 27002?
What is the relationship between ISO 27001 and ISO 27002?
ISO 27002 is a supplementary standard that focuses on the information security controls that organisations might choose to implement. These controls are listed in Annex A of ISO 27001, which is what you’ll often see information security experts refer to when discussing information security controls.
What is the purpose of ISO 27002?
The ISO 27002 standard is a collection of information security guidelines that are intended to help an organization implement, maintain, and improve its information security management.
What is the difference between ISO 27001 and ISO 27000?
ISO 27000 is a series of international standards all related to information security. The ISO 27001 standard has an organizational focus and details requirements against which an organization’s ISMS (Information Security Management System), can be audited.
What is ISO 27002 standard?
ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization’s information security risk environment(s).
How many controls are there in ISO 27002?
Broadly speaking, the number of security controls in the new version of ISO 27002:2022 has decreased from 114 controls in 14 clauses in the 2013 edition to 93 controls in the 2022 edition. These security controls are now categorised into four control “themes.”
How many controls are in ISO 27002?
14 security controls
Published in October 2013, the latest version of ISO 27002 covers 14 security controls areas (numbered from 5 to 18), with implementation guidance and requirements for each specific control.
How many domains are there in ISO 27002?
The 14 domains of ISO 27001 are –
| Information security policies | Organisation of information security |
|---|---|
| Human resource security | Asset management |
| Access control | Cryptography |
| Physical and environmental security | Operations security |
| Operations security | System acquisition, development and maintenance |
What are the main items that comprise ISO 27002?
ISO 27002 controls list
- A.5 Information security policies.
- 7 Human resource security.
- 9 Access control.
- 11 Physical and environmental security.
- 13 Communications security.
- 15 Supplier relationships.
- 17 Information security aspects of business continuity management.
What are the pillars of ISO 27001?
Within the technology pillar there are three important elements: confidentiality, integrity and availability. The ISO 27001 standard references human resource security as one of their criteria.
