ISO 27002, Information Technology – Security Techniques
– Code of Practice for Information Security Management, is one of
the most widely recognized and accepted standards used as the
basis for information security programs worldwide. Compliance
with this standard enables companies to demonstrate to their business
partners and customers that they have met a high standard of security
(formal ISMS certification is issued against the companion standard
ISO 27001, for which ISO 27002 supplies the detailed control guidance).
The requirements, which are programmatic in nature, cover
11 core areas, described in the table below.
VeriSign, the leader in information security design,
management, and assessment services, can provide the necessary solutions
for your organization to meet ISO 27002. VeriSign has aligned with BSI
Management Systems and can now prepare organizations for an ISO 27002
Certificate of Compliance, granted by BSI.
Our services range from strategy and assessment through remediation
to implementation. Please see our range of services, linked
to each of the 11 security clauses of ISO 27002 in the table below.
Contact Us
To design a more comprehensive compliance solution for your business,
contact VeriSign at 650-426-5310 or enterprise_security@verisign.com.
Standards of Good Practice
Core Area | Description | How VeriSign Helps
Security Policy | Management should set a clear policy direction in line with business objectives and demonstrate support for, and commitment to, information security through the issuance and maintenance of an information security policy across the organization. | Security Policy and Program Services
Organization of Information Security | A management framework should be established to initiate and control the implementation of information security within the organization, including management of third-party security. |
Asset Management | All information assets should have a nominated owner. The owner may delegate the implementation of specific controls, as appropriate, but remains responsible for the proper protection of the assets, including information classification. |
Human Resources Security | Security responsibilities should be addressed prior to employment. Employees must also be trained on, and aware of, security policies and procedures. | Security Policy and Program Services
Physical and Environmental Security | Critical or sensitive information processing facilities should be housed in secure areas, protected by defined security perimeters. |
Communications and Operations Management | Responsibilities and procedures for the management and operation of all information processing facilities should be established. This area contains the majority of the requirements for technical security controls, such as email security, vulnerability scanning and assessment, network monitoring, and logging. |
Access Control | Access to information, information processing facilities, and business processes should be controlled on the basis of business and security requirements. |
Information Systems Acquisition, Development and Maintenance | The design and implementation of information systems supporting business processes must address security requirements. |
Information Security Incident Management | Information security events and weaknesses associated with information systems should be communicated in a manner that allows timely corrective action to be taken. |
Business Continuity Management | A business continuity management process should be implemented to minimize the impact on the organization of, and recover to an acceptable level from, loss of information assets, through a combination of preventive and recovery controls. | Disaster Recovery and Business Continuity
Compliance | The design, operation, use, and management of information systems may be subject to statutory, regulatory, and contractual security requirements. |