ISO 27002 is an international standard for information security management and provides a comprehensive framework for protecting sensitive information. The standard outlines 14 control domains, each consisting of multiple controls, that organizations should implement to manage and protect their information security.
Here is a summary of the 14 control domains and their controls:
Access Control: Controls to manage access to information and information systems.
Asset Management: Controls to manage and protect information assets.
Business Continuity Management: Controls to ensure the availability of information and information systems in the event of a disaster or interruption.
Classification of Information: Controls to classify information based on its importance and sensitivity.
Compliance: Controls to ensure compliance with legal, regulatory, and organizational requirements.
Cryptographic Controls: Controls to protect information using cryptography.
Human Resources Security: Controls to manage the security of employees and contractors.
Incident Management: Controls to manage and respond to security incidents.
Information Security Management: Controls to manage the information security program.
Physical and Environmental Security: Controls to protect information and information systems from physical threats.
Operations Security: Controls to manage the day-to-day operations of information systems.
Protection of Information: Controls to protect the confidentiality, integrity, and availability of information.
Security Architecture and Design: Controls to design and implement secure information systems.
Supply Chain Management: Controls to manage the security of third-party suppliers and services.
While these are the 14 control domains outlined by ISO 27002, the specific controls and implementation details will vary with the organization's needs and risks.
Our team of experts has years of experience in helping organizations assess, implement, and maintain their information security management systems.
ISO 27002 is the international standard for information security management. It provides a comprehensive framework for managing and protecting sensitive information, including data privacy and protection, access control, and disaster recovery. Our ISO 27002 control assessments help organizations understand the strengths and weaknesses of their current information security management systems, identify areas for improvement, and develop a roadmap for achieving compliance with the standard.
ISO 27017 is the international standard for cloud security. It provides guidance on the security controls that should be in place when using cloud services, including data protection, access control, and incident management. Our ISO 27017 control assessments help organizations understand their cloud security posture, identify areas for improvement, and develop a roadmap for achieving compliance with the standard.
In addition to control assessments, we also offer maturity uplifting services to help organizations improve the effectiveness and efficiency of their information security management systems. This may include the development of policies and procedures, the implementation of new technologies, and the training of employees on best practices for information security.
Our team of experts uses a combination of industry-leading tools, best practices, and hands-on experience to deliver customized, actionable recommendations to our clients. We are committed to helping organizations of all sizes improve their information security posture and achieve compliance with ISO 27002 and ISO 27017.
Contact us today to schedule a consultation and learn more about our ISO 27002 and ISO 27017 control assessments and maturity uplifting services.