This standard gives guidance and general principles for an organization to initiate, implement, maintain and improve information security management. The standards listed in this standard provide general guidance on the commonly accepted goals of information security management. The control objectives of this standard and the implementation of control measures are designed to meet the requirements identified in the risk assessment. This standard serves as a practical guide for establishing an organization's security guidelines and effective security management practices, and helps build mutual trust in inter-organizational activities.
ISO/IEC 27002:2005 history
2022: ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls
2015: ISO/IEC 27002:2013/Cor 2:2015 Information technology — Security techniques — Code of practice for information security controls — Technical Corrigendum 2
2014: ISO/IEC 27002:2013/Cor 1:2014 Information technology — Security techniques — Code of practice for information security controls — Technical Corrigendum 1
2013: ISO/IEC 27002:2013 Information technology - Security techniques - Code of practice for information security controls
2005: ISO/IEC 27002:2005 Information technology - Security techniques - Code of practice for information security management