ISO 27002
In 2000, ISO developed ISO 17799 from the British standard BS 7799. This was renamed ISO 27002 in 2005.
The globally accepted ISO 27002 standard is part of the ISO 2700x series of standards and deals with the control mechanisms, their methods and procedures that have proven themselves in IT security. The standard does not recommend specific security solutions; however, companies and organizations in all industries should follow and implement the guidelines listed in the standard. ISO 27002 includes a formal recognition and certification process for compliance with the standards.
ISO 27002 is a collection of recommendations for IT security and can be used at all hierarchical levels of companies, institutions and organizations. Since the variety of security aspects is shaped by the system environment and the company organization, ISO 27002 is a flexible standard that allows for its own interpretations.
ISO 27002 includes chapters on the structure and organization of IT security, risk management, security policy, asset management, personal security, communication and operational management, access control, development and maintenance of IT systems and their security management, and compliance.