CHAPTER 7: OVERVIEW OF ISO/IEC 27002:2013

This Standard’s title is ‘Information technology – Security techniques – Code of practice for information security management’. Published in October 2013, it replaced the previous edition, ISO/IEC 27002:2005.

It is a code of practice, not a specification. It uses words like ‘should’ and ‘may’: it ‘may be regarded as a starting point for developing organisation-specific guidelines’.[1]

ISO27002 is more than twice as long as ISO27001, with 90 pages, 8 of which are introductory material. Some 78 pages deal, in detail, with information security controls. This standard has 18 clauses, as shown below:

• Foreword

0. Introduction

1. Scope

2. Normative references

3. Terms and definitions

4. Structure of this standard ...
