ISO/IEC 27002:2013

ISO/IEC 27002:2013. Information technology — Security techniques — Code of practice for information security controls.
2 Normative references
The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.
ISO/IEC 27000, Information technology — Security techniques — Information security management systems — Overview and vocabulary
3 Terms and definitions
For the purposes of this document, the terms and definitions given in ISO/IEC 27000 apply.
4 Structure of this standard
This standard contains 14 security control clauses collectively containing a total of 35 main security categories and 114 controls.
4.1 Clauses
Each clause defining security controls contains one or more main security categories.
The order of the clauses in this standard does not imply their importance. Depending on the circumstances, security controls from any or all clauses could be important; therefore each organization applying this standard should identify applicable controls, how important these are and their application to individual business processes. Furthermore, lists in this standard are not in priority order.
4.2 Control categories
Each main security control category contains:
a) a control objective stating what is to be achieved;
b) one or more controls that can be applied to achieve the control objective.
Control descriptions are structured as follows:
Control
Defines the specific control statement, to satisfy the control objective.
Implementation guidance
Provides more detailed information to support the implementation of the control and meeting the control objective. The guidance may not be entirely suitable or sufficient in all situations and may not fulfil the organization’s specific control requirements.
Other information
Provides further information that may need to be considered, for example legal considerations and references to other standards. If there is no other information to be provided this part is not shown.
5 Information security policies
5.1 Management direction for information security
Objective: To provide management direction and support for information security in accordance with business requirements and relevant laws and regulations.