
BS EN ISO/IEC 27002:2022

$158.93

Information security, cybersecurity and privacy protection. Information security controls

Published by: BSI
Publication date: 2022
Number of pages: 166


PDF Catalog

PDF page / Title
4 European foreword
Endorsement notice
8 Foreword
9 Introduction
13 1 Scope
2 Normative references
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
18 3.2 Abbreviated terms
19 4 Structure of this document
4.1 Clauses
20 4.2 Themes and attributes
21 4.3 Control layout
5 Organizational controls
5.1 Policies for information security
23 5.2 Information security roles and responsibilities
24 5.3 Segregation of duties
25 5.4 Management responsibilities
26 5.5 Contact with authorities
27 5.6 Contact with special interest groups
5.7 Threat intelligence
29 5.8 Information security in project management
30 5.9 Inventory of information and other associated assets
32 5.10 Acceptable use of information and other associated assets
33 5.11 Return of assets
34 5.12 Classification of information
35 5.13 Labelling of information
36 5.14 Information transfer
39 5.15 Access control
41 5.16 Identity management
42 5.17 Authentication information
44 5.18 Access rights
45 5.19 Information security in supplier relationships
47 5.20 Addressing information security within supplier agreements
49 5.21 Managing information security in the ICT supply chain
51 5.22 Monitoring, review and change management of supplier services
53 5.23 Information security for use of cloud services
55 5.24 Information security incident management planning and preparation
57 5.25 Assessment and decision on information security events
5.26 Response to information security incidents
58 5.27 Learning from information security incidents
59 5.28 Collection of evidence
60 5.29 Information security during disruption
5.30 ICT readiness for business continuity
62 5.31 Legal, statutory, regulatory and contractual requirements
63 5.32 Intellectual property rights
65 5.33 Protection of records
66 5.34 Privacy and protection of PII
67 5.35 Independent review of information security
68 5.36 Compliance with policies, rules and standards for information security
69 5.37 Documented operating procedures
70 6 People controls
6.1 Screening
71 6.2 Terms and conditions of employment
72 6.3 Information security awareness, education and training
74 6.4 Disciplinary process
75 6.5 Responsibilities after termination or change of employment
6.6 Confidentiality or non-disclosure agreements
77 6.7 Remote working
78 6.8 Information security event reporting
79 7 Physical controls
7.1 Physical security perimeters
80 7.2 Physical entry
82 7.3 Securing offices, rooms and facilities
7.4 Physical security monitoring
83 7.5 Protecting against physical and environmental threats
84 7.6 Working in secure areas
85 7.7 Clear desk and clear screen
86 7.8 Equipment siting and protection
87 7.9 Security of assets off-premises
88 7.10 Storage media
89 7.11 Supporting utilities
90 7.12 Cabling security
91 7.13 Equipment maintenance
92 7.14 Secure disposal or re-use of equipment
93 8 Technological controls
8.1 User endpoint devices
95 8.2 Privileged access rights
96 8.3 Information access restriction
98 8.4 Access to source code
99 8.5 Secure authentication
101 8.6 Capacity management
102 8.7 Protection against malware
104 8.8 Management of technical vulnerabilities
107 8.9 Configuration management
109 8.10 Information deletion
110 8.11 Data masking
112 8.12 Data leakage prevention
113 8.13 Information backup
114 8.14 Redundancy of information processing facilities
115 8.15 Logging
118 8.16 Monitoring activities
120 8.17 Clock synchronization
121 8.18 Use of privileged utility programs
122 8.19 Installation of software on operational systems
123 8.20 Networks security
124 8.21 Security of network services
125 8.22 Segregation of networks
126 8.23 Web filtering
127 8.24 Use of cryptography
129 8.25 Secure development life cycle
130 8.26 Application security requirements
132 8.27 Secure system architecture and engineering principles
134 8.28 Secure coding
136 8.29 Security testing in development and acceptance
138 8.30 Outsourced development
139 8.31 Separation of development, test and production environments
140 8.32 Change management
141 8.33 Test information
142 8.34 Protection of information systems during audit testing
144 Annex A (informative) Using attributes
155 Annex B (informative) Correspondence of ISO/IEC 27002:2022 (this document) with ISO/IEC 27002:2013
162 Bibliography