ISO/IEC 27002

ISO/IEC 27002
StatusPublished
Latest version3
Mar 2022
OrganizationInternational Organization for Standardization
CommitteeISO/IEC JTC 1/SC 27
SeriesISO/IEC 27000 family
DomainInformation security management
Websitewww.iso.org/standard/75652.html Edit this at Wikidata

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information security, cybersecurity and privacy protection — Information security controls.

The ISO/IEC 27000 family of standards are descended from a corporate security standard donated by Shell to a UK government initiative in the early 1990s.[1] The Shell standard was developed into British Standard BS 7799 in the mid-1990s, and was adopted as ISO/IEC 17799 in 2000. The ISO/IEC standard was revised in 2005, and renumbered ISO/IEC 27002 in 2007 to align with the other ISO/IEC 27000-series standards. It was revised again in 2013 and in 2022.[2] Later in 2015 the ISO/IEC 27017 was created from that standard in order to suggest additional security controls for the cloud which were not completely defined in ISO/IEC 27002.

ISO/IEC 27002 provides best practice recommendations on information security controls for use by those responsible for initiating, implementing or maintaining information security management systems (ISMS). Information security is defined within the standard in the context of the CIA triad:

the preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required).[3]
  1. ^ "ISO27k timeline". ISO27001security.com. IsecT Ltd. Retrieved 9 March 2016.
  2. ^ "An important information security standard has been revised". www.bsigroup.com. BSI Group. Retrieved 13 December 2022.
  3. ^ ISC CISSP Official Study Guide. SYBEX. 15 September 2015. ISBN 978-1119042716. Retrieved 1 November 2016.