ISO 27002:2005

Posted on August 31, 2009 | Leave a comment

business continuity
ISO 27002:2005
Information technology — Security techniques — Code of practice for information security management
ISO/IEC 27002 part of a growing family of ISO/IEC ISMS standards, the ‘ISO/IEC 27000 series’ is an information security standard published by the International Organization for Standardization (ISO) and the International Electro technical Commission (IEC) as ISO/IEC 17799:2005 and subsequently renumbered ISO/IEC 27002:2005 in July 2007, bringing it into line with the other ISO/IEC 27000-series standards. It is entitled Information technology – Security techniques – Code of practice for information security management. The current standard is a revision of the version first published by ISO/IEC in 2000, which was a word-for-word copy of the British Standard (BS) 7799-1:1999.
ISO/IEC 27002 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad:
the preservation of confidentiality (ensuring that information is accessible only to those authorised to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorised users have access to information and associated assets when required).
Contents

Outline of the Standard
After the introductory sections, the standard contains the following twelve main sections:
1. Risk assessment
2. Security policy – management direction
3. Organization of information security – governance of information security
4. Asset management – inventory and classification of information assets
5. Human resources security – security aspects for employees joining, moving and leaving an organization
6. Physical and environmental security – protection of the computer facilities
7. Communications and operations management – management of technical security controls in systems and networks
8. Access control – restriction of access rights to networks, systems, applications, functions and data
9. Information systems acquisition, development and maintenance – building security into applications
10. Information security incident management – anticipating and responding appropriately to information security breaches
11. Business continuity management – protecting, maintaining and recovering business-critical processes and systems
12. Compliance – ensuring conformance with information security policies, standards, laws and regulations
Within each section, information security controls and their objectives are specified and outlined. The information security controls are generally regarded as best practice means of achieving those objectives. For each of the controls, implementation guidance is provided. Specific controls are not mandated since:
1. Each organization is expected to undertake a structured information security risk assessment process to determine its specific requirements before selecting controls that are appropriate to its particular circumstances. The introduction section outlines a risk assessment process although there are more specific standards covering this area such as ISO/IEC 27005.
2. It is practically impossible to list all conceivable controls in a general purpose standard. Industry-specific implementation guidelines for ISO/IEC 27001 and ’27002 are anticipated to give advice tailored to organizations in the telecomms, financial services, healthcare and other industries.

The control objectives and controls in ISO/IEC 27002:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.

References:
Wikipedia.org
iso.org

About BCCManagement:
We have been in Business since 2006 we have participated in several related International Conferences and seminars held in many countries including Canada, United Kingdom, and the United States. Also, we published numerous Business Continuity studies and articles in renowned magazines and international websites, noting that BCCManagement had been actively involved in the development of standards dealing with Business Continuity namely the Business Continuity Standard BS25999.
BCCManagement Professional team is proudly certified by the “Business Continuity Institute (BCI) England” which is the major international players in Business Continuity field.
For More info:
Business Continuity Consultancy and Management
info@bccmanagement.com http://www.bccmanagement.com

North America +1.800.961.7592 Fax: +1.613.248.5149 P.O.Box 42054- RPO ST Laurent, Ottawa, Ontario K1k4L8, Canada

Middle East office +961.7061.9274 Fax: +961.923.2406 P.O.Box 116-5108, Beirut, Lebanon

Our Partners:
Thebci

This entry was posted in 27002-2005, bcc management, BCCMANAGEMENT, bccmanagement partnership bci, bccmanagement partnership with bci, BCCMANAGEMENT.COM, BCI, bci partnership, British Standards Institution, BS 25999, BS 25999-1:2006, BS 25999-2:2007, bs25999, BS25999 CERTIFICATION PROCESS, BS25999-2:2007, BSI BS25999 CERTIFICATION PROCESS, BSI-GLOBAL, Business Continuity, Business Continuity Assessment, Business Continuity certification, Business Continuity certifications, Business Continuity Institute, Business Continuity Institutes, business continuity Lebanon, Business Continuity Management, business continuity middle east, business continuity mina, Business Continuity partnership, business continuity plan Lebanon, business continuity plan middle east, business continuity planning Lebanon, business continuity planning middle east, Business Continuity press realease, Business Continuity press release, business continuity strategy, business strategy, computer, continuity central, continuity planning, continuitycentral.com, counter, Disaster Recovery, Disaster Recovery plan, Disaster Recovery planning, I.t, iec 27002-2005, information security, iso 27002-2005, iso iec 27002-2005, it, it continuity, it security, mena, middle east, Middle East and north africa, middle east north africa, network, networking, pandemic, partnership, poll, press release, Security, swine flu, thebci.org, University, virus, Workforce Continuity and tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Cancel

Connecting to %s