Establish a Security Policy with These Security Regulations:
ISO/IEC 27002 – Guide to Best Practices in Information Security
Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities.
ISO/IEC 27002 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 27002 contains best practices of control objectives and controls in the following areas of information security management:
- security policy
- organization of information security
- asset management & risk assessment
- human resources security
- physical and environmental security
- communications and operations management
- access control
- information systems acquisition, development and maintenance
- information security incident management
- business continuity management
- compliance.
The objectives and controls in ISO/IEC 27002 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 27002 is a practical guideline for developing organizational security standards and effective information security management practices to help build confidence in inter-organizational activities.
