ISO/IEC 27002:2013

Contextual details, such as legal considerations or links to other standards.

Reduces vulnerability to cyberattacks and data loss.

ISO/IEC 27002:2013 is an international standard that serves as a detailed "code of practice" for organizations looking to establish, implement, or maintain an Information Security Management System (ISMS). While ISO/IEC 27001 defines the requirements for an ISMS, ISO/IEC 27002 provides the how-to: the specific implementation guidance for the controls listed in Annex A of ISO 27001.

1. Structural Overview

ISO/IEC 27002:2013

Network security and information transfer.

User responsibilities and managing system/application access.

Inventory of assets and acceptable use.

Controls for before, during, and after employment.

A brief, specific recommendation for implementation.