ISO/IEC 27002 Code of Practice for Information Security Controls
ISO/IEC 27002 is an international standard that gives guidelines for best practices in Information Security management. These management practices help organizations build confidence in their inter-organizational activities and implement a suitable set of controls, including policies, processes, organizational structures, and software and hardware functions. The standard is a generic document used as a reference for selecting controls during the implementation of an Information Security Management System. ISO/IEC 27002 is intended for all types of organizations, including public and private sector, commercial and non-profit, and any other organization that faces information security risks.
Benefits of ISO/IEC 27002:
- Understand the implementation of Information Security controls by adhering to the framework and principles of ISO/IEC 27002.
- Understand the relationship between the components of Information Security controls, including responsibility, strategy, acquisition, performance, conformance and human behavior.
- Gain the necessary skills to support an organization in implementing and managing ongoing Information Security controls based on ISO/IEC 27002.
- The ability to perform periodic risk assessment in an organization.
- The ability to help organizations improve their Information Security posture.
- The ability to draft and implement cost optimization strategies.


