This page is currently queued for revision. It should probably be moved to frameworks since it is not technically a standard (it is just created by a standardization body).
Information technology - Security techniques - Code of practice for information security controls
Acronyms, Abbreviations, and Initialisms
| Short Form | Full Form |
|---|---|
| IEC | International Electrotechnical Commission |
| ISO | International Organization for Standardization |
ISO/IEC 27002 provides guidelines for organizational information security standards, including the selection, implementation, and management of controls, taking into consideration the organization's information security risk environments.
It is designed to be used by organizations that intend to select controls within the process of implementing an ISMS based on ISO/IEC 27001.
In other words, ISO/IEC 27002 is the guidance through which ISO/IEC 27001 is put into practice.