ISO/IEC 27002:2013 Information technology — Security techniques
ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s). It is designed to be used by organizations that intend to: select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001; implement commonly accepted information security controls; develop their own information security management guidelines.
Stronger data protection with updated guidelines on assessing information security controls
On a planet that continues to digitalize, SC 27 will continue to allow us all to benefit from the opportunities of the digital world, while minimizing threats, loss and disruptions.
We all need to remain vigilant when it comes to the things that we can easily control, like choosing a strong password. After all, it’s usually human behaviour that’s the weakest link in the IT security chain. But we can breathe a sigh of relief when it comes to the secure daily working of IT itself, counting on International Standards and groups like JTC 1, ISO and the IEC’s joint technical committee on information technology. Within JTC 1, cutting-edge work in areas from data management to streaming videos is being standardized by more than 40 subcommittees. Some of these subcommittees, in areas like artificial intelligence, are just a few years old, while others have been around quite a bit longer.
ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection
Amongst SC 27’s most substantial achievements is the development of the world’s three best-selling information security standards: ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27701. Recently developed, ISO/IEC 27701, Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines, helps organizations reconcile privacy regulatory requirements. It also outlines a comprehensive set of operational controls that can be mapped to various regulations, including the GDPR 1. It is clear that SC 27 standards make life safer, easier and better for people, as consumers and citizens, at the same time as bringing considerable benefits to business and government. SC 27’s activities cover many areas from general methods to techniques and guidelines to address both information security and privacy aspects.
Stronger data protection with updated guidelines on assessing information security controls.
Amongst SC 27’s most substantial achievements is the development of the world’s three best-selling information security standards: ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27701. Recently developed, ISO/IEC 27701, Security techniques – Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management – Requirements and guidelines, helps organizations reconcile privacy regulatory requirements. It also outlines a comprehensive set of operational controls that can be mapped to various regulations, including the GDPR 1. It is clear that SC 27 standards make life safer, easier and better for people, as consumers and citizens, at the same time as bringing considerable benefits to business and government. SC 27’s activities cover many areas from general methods to techniques and guidelines to address both information security and privacy aspects.
Alias quia non aliquid. Eos et ea velit. Voluptatem maxime enim omnis ipsa voluptas incidunt. Nulla sit eaque mollitia nisi asperiores est veniam.
