Is2007

Outline of ISO/IEC 27002:2005
Prepared for the international community of ISO27k implementers at ISO27001security.com
Version 1, 28th November 2007

0 INTRODUCTION
0.1 WHAT IS INFORMATION SECURITY?
0.2 WHY INFORMATION SECURITY IS NEEDED?
0.3 HOW TO ESTABLISH SECURITY REQUIREMENTS
0.4 ASSESSING SECURITY RISKS
0.5 SELECTING CONTROLS
0.6 INFORMATION SECURITY STARTING POINT
Information security is defined as the preservation of confidentiality, integrity and availability of information …
0.7 CRITICAL SUCCESS FACTORS
0.8 DEVELOPING YOUR OWN GUIDELINES
1 SCOPE
2 TERMS AND DEFINITIONS
3 STRUCTURE OF…
ting utilities
9.2.3 Cabling security
9.2.4 Equipment maintenance
9.2.5 Security of equipment off-premises
9.2.6 Secure disposal or re-use of equipment
9.2.7 Removal of property
10 COMMUNICATIONS AND OPERATIONS MANAGEMENT
10.1 OPERATIONAL PROCEDURES AND RESPONSIBILITIES
10.1.1 Documented operating procedures
10.1.2 Change management
Information security controls primarily within the IT service delivery function
10.1.3 Segregation of duties
10.1.4 Separation of development, test, and operational facilities
10.2 THIRD PARTY SERVICE DELIVERY MANAGEMENT
10.2.1 Service delivery
10.2.2 Monitoring and review of third party services
10.2.3 Managing changes to third party services
10.3 SYSTEM PLANNING AND ACCEPTANCE
10.3.1 Capacity management
10.3.2 System acceptance
10.4 PROTECTION AGAINST MALICIOUS AND MOBILE CODE
10.4.1 Controls against malicious code
10.4.2 Controls against mobile code
10.5 BACK-UP
10.5.1 Information back-up
10.6 NETWORK SECURITY MANAGEMENT
10.6.1 Network controls
10.6.2 Security of network services
10.7 MEDIA HANDLING
10.7.1 Management of removable media
10.7.2 Disposal of media
10.7.3 Information handling procedures
10.7.4 Security of system documentation
10.8 EXCHANGE OF INFORMATION
10.8.1 Information exchange policies and procedures
10.8.2 Exchange agreements
10.8.3 Physical media in transit
10.8.4
