Sets out guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. Contains best practices regarding control objectives and controls in information security management.
SANS 27002:2008 history
2008SANS 27002:2008 Information technology - Security techniques - Code of practice for information security management