ISO IEC 27002:2005 Information Technology Security by ISO/IEC/JTC 1/SC 27


ISO/IEC 27002:2005 comprises ISO/IEC 17799:2005 and ISO/IEC 17799:2005/Cor.1:2007. Its technical content is identical to that of ISO/IEC 17799:2005. ISO/IEC 17799:2005/Cor.1:2007 changes the reference number of the standard from 17799 to 27002.

ISO/IEC 27002:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 27002:2005 contains best practices of control objectives and controls in the following areas of information security management:

  • security policy;
  • organization of information security;
  • asset management;
  • human resources security;
  • physical and environmental security;
  • communications and operations management;
  • access control;
  • information systems acquisition, development and maintenance;
  • information security incident management;
  • business continuity management;
  • compliance.

The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.


Additional info for ISO IEC 27002:2005 Information Technology Security Techniques

Example text

3 Acceptable use of assets

Control

Rules for the acceptable use of information and assets associated with information processing facilities should be identified, documented, and implemented. 1); Specific rules or guidance should be provided by the relevant management. Employees, contractors and third party users using or having access to the organization’s assets should be aware of the limits existing for their use of organization’s information and assets associated with information processing facilities, and resources.

Considering documents with similar security requirements together when assigning classification levels might help to simplify the classification task. In general, the classification given to information is a shorthand way of determining how this information is to be handled and protected.

2 Information labeling and handling

Control

An appropriate set of procedures for information labeling and handling should be developed and implemented in accordance with the classification scheme adopted by the organization.

Information on all candidates being considered for positions within the organization should be collected and handled in accordance with any appropriate legislation existing in the relevant jurisdiction. Depending on applicable legislation, the candidates should be informed beforehand about the screening activities.

3 Terms and conditions of employment

Control

As part of their contractual obligation, employees, contractors and third party users should agree and sign the terms and conditions of their employment contract, which should state their and the organization’s responsibilities for information security.
