Questions tagged [iso27002]

ISO/IEC 27002 is a code of practice - a generic, advisory document which recommends information security controls addressing information security control objectives arising from risks to the confidentiality, integrity and availability of information.

It is an information security standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC), titled Information technology – Security techniques – Code of practice for information security controls.

It is an advisory standard that is meant to be interpreted and applied to all types and sizes of organization according to the particular information security risks they face.

Source: Wikipedia

7 questions
2 votes, 5 answers

Expressing the risk of not having a security policy (e.g. ISO 27002, chapter 5)

How do I express non-compliance to ISO 27002 chapter 5 as a risk? The basic principle of an ISMS according to ISO 27001 is a risk-based approach. Following this, every control of Annex A (ISO 27002) needs to be evaluated and included or (with…
Tom
1 vote, 1 answer

Does a customer who uses a cloud service provider with ISO27017 compliance, need their own certificate to be compliant themselves?

ISO 27017 advises both cloud service customers and providers. Microsoft Azure is compliant with ISO27017. Let us say that a cloud service customer who uses Microsoft Azure wants to be compliant with ISO27017 - I assume that he/she is not…
gordon613
1 vote, 2 answers

ISO 27002 Controls - Which Ones to Implement First

I'm struggling to understand in which order I should implement the ISO 27002 controls. I was thinking about using the CIS Top 20 to help, but what is the best route?
errMSG
0 votes, 1 answer

What alternative standard for ISO 27001 can be used in Australia?

I am looking for alternatives to ISO 27001 that are less strict and less time-consuming. Australia is in the Commonwealth, so maybe Cyber Essentials Plus could work, but I do not know if that plays a part in it being recognized by the Australian…
0 votes, 0 answers

standards reference to perimeter security

I have the following problem that I am currently dealing with. I have two zones/perimeters that need to be interconnected; some standard protocols have to be whitelisted, such as HTTP, FTP, SSH and so on. But the only issue that the two zones…
Ants0
-1 votes, 1 answer

ISO 27001 2013 version not being updated

Is there any reason why an information security standard such as ISO 27001 is not getting updated, given that the information security field is constantly changing and so are the requirements, yet its latest version is from 2013?
John
-1 votes, 1 answer

Potential risks per ISO 27002 clauses 5-18

I have a study project related to establishing ISO 27001. I will do a GAP analysis on a "fictional" company over all ISO 27001 Annex A controls using ISO 27002. After I do that, I will detect the risks using the results of that GAP analysis. So my…
OrangeSpider