A Sample of ISO IEC 27002
Information Security Standard
ISO IEC 27002 is a comprehensive information security standard that
takes a very broad approach. In the context of this standard, the term
information covers all forms of data, documents, communications,
conversations, messages, recordings, and photographs: every form in
which information can exist.
Security Policy Management
    Provide management direction and support
        Develop your information security policies
        Review your information security policies
Corporate Security Management
    Establish an internal information security organization
        Allocate information security roles and responsibilities
        Segregate conflicting duties and responsibilities
Personnel Security Management
    Emphasize security prior to employment
        Verify the backgrounds of all new personnel
        Use contracts to protect your information
    Emphasize security during employment
        Expect your managers to emphasize security
        Deliver information security awareness programs
        Set up a disciplinary process for security breaches
    Emphasize security at termination of employment
        Emphasize post-employment security requirements
Organizational Asset Management
    Establish responsibility for corporate assets
        Compile an inventory of assets associated with information
        Select owners for all assets associated with your information
        Prepare acceptable use rules for assets associated with information
        Return all assets associated with information upon termination
    Develop an information classification scheme
        Classify your organization’s information
        Establish information labeling procedures
        Develop asset handling procedures
    Control how physical media are handled
        Manage removable media
        Manage the disposal of media
        Manage the transfer of media