What is ISO/IEC 27002:2013?
ISO/IEC 27002 is an international standard used as a reference for controls when implementing an Information Security Management System (ISMS). It incorporates data access controls, cryptographic control of sensitive data, and key management.
Among the best practices called for in ISO/IEC 27002 are:
- Data access controls
- Cryptographic control of sensitive data
- Management and protection of encryption keys
- Recording and archiving “all significant events concerning the use and management of user identities and secret authentication information” and protecting those records from “tampering and unauthorized access.”