ISO 27002 Security Directory


Welcome to the ISO 27002 and ISO 27001 Information Security Directory, the source of information, background and compliance resources dedicated exclusively to these two emerging standards. 

What Are ISO 27001 and ISO 27002?
ISO 27002 is based upon the ISO 17799 standard and is described as a set of information security controls embodying "best practices in information security". It is a catalogue rather than a checklist: controls are selected from it, as appropriate, when implementing a security strategy. The document was originally published by the DTI in the United Kingdom as a 'code of practice', and later went on to be published as BS 7799-1. This was then republished as ISO 17799 (updated in 2005), which in turn was renumbered ISO 27002 in 2007.

ISO 27001 is a specification for an ISMS, an Information Security Management System. It was formally published by the BSI as BS 7799-2 in 2002 and adopted as ISO/IEC 27001 in 2005. In essence it describes the overall management model within which controls from ISO 27002 are selected as appropriate.

The Table of Contents of ISO 27002
The controls within ISO 27002 reflect those of ISO 17799 and are organized into chapters, including:
Risk Assessment and Treatment
Security Policy
Asset Management
Communications and Operations Management
Physical and Environmental Security
Access Control
Information Systems Acquisition, Development and Maintenance
Information Security Incident Management

The current standard also includes chapters covering Scope, Structure and Terms & Definitions.

Implementation and Certification
Certification is against ISO 27001, not against ISO 27002/17799, and this will remain the case. Implementation, however, involves both standards, and implementing them is of course a prerequisite for certification.

The benefits can be wide and varied: an independently confirmed status for an organisation's information security practice can often be used to gain wider market advantage, and this is itself a significant driver of the standard's uptake.

Where to Start
Hopefully, the ISO 27002 and ISO 27001 Security Directory can help kick-start the process. By selecting the options on the left you can obtain a copy of the standards themselves, view supporting security policies and software, and access a range of other useful resources.

Additional Information
If you need further help, or perhaps wish to send some feedback on this website, please use the form on our feedback page.
