What is ISO/IEC 27002:2013?

ISO/IEC 27002 is an international standard used as a reference for controls when implementing an Information Security Management System (ISMS). It covers data access controls, cryptographic control of sensitive data, and key management.

Regulation Summary

Among the best practices called for in ISO/IEC 27002 are:

  • Data access controls
  • Cryptographic control of sensitive data
  • Management and protection of encryption keys
  • Recording and archiving “all significant events concerning the use and management of user identities and secret authentication information” and protecting those records from “tampering and unauthorized access.”
