This International Standard gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization's information security risk environment(s).
This International Standard is designed to be used by organizations that intend to:
a) select controls within the process of implementing an Information Security Management System based on ISO/IE C 27001,
b) implement commonly accepted information security controls;
c) develop their own information security management guidelines.
ISO/IEC 27002:2013 Referenced Document
ISO/IEC 27000 Information technology - Security techniques - Information security management systems - Overview and vocabulary [Standard in French]*, 2018-04-01 Update
ISO/IEC 27002:2013 history
2022ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls
2015ISO/IEC 27002:2013/Cor 2:2015 Information technology — Security techniques — Code of practice for information security controls — Technical Corrigendum 2
2014ISO/IEC 27002:2013/Cor 1:2014 Information technology — Security techniques — Code of practice for information security controls — Technical Corrigendum 1
2013ISO/IEC 27002:2013 Information technology.Security techniques.Code of practice for information security controls
2005ISO/IEC 27002:2005 Information technology - Security techniques - Code of practice for information security management