Hardening hardware and software settings to prevent security misconfigurations.
This is a comprehensive guide regarding the search for, and use of, .
Once you have the PDF, the implementation process follows these steps:
The 2022 edition consolidates the control set: 93 controls grouped into four themes (organizational, people, physical, technological), down from 114 controls across 14 domains in the 2013 edition, with many overlapping controls merged. For example, the separate policy-related controls of the 2013 edition now sit under a single control, 5.1 "Policies for information security", which also covers the topic-specific policies that used to be scattered across other clauses. Do not rely on the 2013 numbering or control list for current compliance projects; mappings, Statements of Applicability and audit checklists built against it will not line up with the 2022 structure.
ISO/IEC 27002 is an international standard published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is not itself a certification standard; it serves as the reference document for selecting and implementing the information security controls listed in Annex A of ISO/IEC 27001, within an information security management system (ISMS) built on ISO/IEC 27001.
The primary source for the standard is the , where ISO/IEC 27002:2022 can be purchased directly. As of publication:
Each control is now tagged with five attributes (control type, information security properties, cybersecurity concepts, operational capabilities, and security domains), which makes it much easier to filter controls by purpose and to map them to other frameworks like or CIS Controls :
Information security is a top priority for modern organizations. Data breaches, cyberattacks, and regulatory requirements demand robust security frameworks. The ISO/IEC 27000 family provides the global gold standard for managing these risks. Within this family, ISO/IEC 27002 serves as the definitive reference manual for implementing information security controls.
: approximately CHF 208 (Swiss francs) from the ISO Store