Professional Documents
Culture Documents
____________________________________________________________________________
____________________________________________________________________________
IS Management Standards:
ISO 27001: Information Security Management System (ISMS)
USA: NIST
While the ISO 27002 (code of practice) defines a set of security goals and
controls, ISO 27001 (ISMS) defines how to manage the implementation of security
controls.
Organizations can be certified against ISO 27001 but not against ISO 27002