ISO/IEC 27002:2005 Code of Practice for Information Security Management

ISO/IEC 27002:2005 - Code of Practice for Information Security Management (formerly ISO/IEC 17799) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined in this International Standard provide general guidance on the commonly accepted goals of information security management.

The control objectives and controls of ISO/IEC 27002 are intended to be implemented to meet the requirements identified by a risk assessment. This International Standard may serve as a practical guideline for developing organizational security standards and effective security management practices and to help build confidence in inter-organizational activities.

ISO/IEC 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS).

The standard addresses the following security subjects:

• Security policy
• Organizing information security
• Asset management
• Human resources security
• Physical and environmental security
• Communications and operations management
• Access control
• Information systems acquisition, development and maintenance
• Information security incident management
• Business continuity management
• Compliance

ISO/IEC 27002 is a companion Standard to ISO/IEC 27001:2005 - Information Security Management Systems - Requirements.

Special guidance for implementing ISO/IEC 27002 in the health care environment can be found in the ISO Standard ISO 27799 - Information security management in health using ISO/IEC 27002.

External Links:

• American National Standards Institute Web Store - Link to Purchase ISO/IEC 27002
• American National Standards Institute Web Store - Link to Purchase ISO/IEC 27001
• American National Standards Institute Web Store - Link to Purchase ISO/IEC 27799