ISO/IEC 27002 - Code of Practice for Information Security Controls (CPISC)
ISO/IEC 27002 - Code of Practice for Information Security Controls is a code of practice. It is not as comprehensive and complete as ISO 27001. ISO 27002:2013 specifies multiple important controls and control mechanisms guided by ISO 27001.
This standard provides guidelines for organizations to develop, implement, manage and improve their security management system(s). Which of the controls listed in this standard apply depends on the specific requirements identified by risk assessment methods.
Benefits of ISO 27002
- Develop a Security Policy
- Information Security Management
- Securing Human Resource related information
- Managing and Securing Assets
- Access control mechanism
- Encrypting confidential data adds an extra security layer
- Physical and Virtual Security Controls
- Securing Operational Activities
- Communication through Secure Channels
- Gain Consumers' Trust