It supports the ISO/IEC 27001 standard and contains a set of security controls that organizations can implement to protect their information assets. ISO 27002 is not a mandatory standard, but it can be used as a basis for developing a security program that meets the needs of an organization....
ISO/IEC 27002 is a popular international standard describing a generic selection of ‘good practice’ information security controls, typically used to mitigate unacceptable risks to the confidentiality, integrity and availability of information. Its lineage stretches back to BS 7799 in the mid-1990s...
ISO/IEC 27002:2022 EN Information security, cybersecurity and privacy protection — Information security controls is an information security standard published by the International Organization for Standardization / International Electrotechnical Commission (ISO/IEC); it provides control measures for information security, cybersecurity and privacy protection. Information security controls are a set of measures that an organization or individual takes to protect the security and integrity of its information. These measures include protecting information...
English title: Information security, cybersecurity and privacy protection - Information security controls. Status: current. Publication date: 2022-02-15. Document summary: ISO/IEC 27002:2022 EN Information security, cybersecurity and privacy protection - Information security controls is a set of standardized information security control specifications that covers all aspects of information security, including network...
Structure of ISO 27002 The ISO 27002 standard provides a practical blueprint for organizations aiming to effectively safeguard their information assets against cyber threats. Its third edition introduced a fundamental change in the grouping of the information security controls, presenting them using a simple...
controls. It is also proof of their ability to help organizations preserve the confidentiality, integrity, and availability of information, protect against threats and vulnerabilities, and reduce information security risks. Certified ISO/IEC 27002 individuals can be crucial members of an ISMS ...
ISO/IEC 27002:2013 | Security controls | Data protection controls | Compliance. With the enforcement of the General Data Protection Regulation (GDPR) in the EU, organisations must make adjustments in their business processes and apply appropriate technical and organisational measures to ensure the protection of the ...
What is ISO 27002? What is its purpose, and who should implement it? Read more about the information security controls standard in this article.
The second edition of ISO/IEC 27002 (ISO/IEC 27002:2013, Information technology — Security techniques — Code of practice for information security controls) is a guidance document that organizations can use as a reference for selecting, implementing and managing controls. For organizations implementing an information security management system (ISMS) based on ISO 27001, it provides detailed information on the controls listed in Annex A. It applies to any organization that follows information security best practice and wishes to implement generic information security controls.
The revised ISO/IEC 27002:2022 removes controls that no longer fit the current environment, reducing the number of controls from 114 to 93, of which 11 are newly added. Although the techniques and patterns of cyber attacks have changed, the 11 new controls cover areas such as threat intelligence, information security for the use of cloud services and data leakage prevention, ensuring that organizations remain capable of controlling their own information security.