Outline for ISO27002:2013

The current version (as of January 2015) is ISO27002:2013. This version of the standard covers 14 domains, described in chapters 6 to 19:

  1. Introduction
  2. Scope
  3. Normative references
  4. Terms and Definitions
  5. Structure of this standard
  6. Information Security Policies
  7. Organization of Information Security
  8. Human Resource Security
  9. Asset Management
  10. Access Control
  11. Cryptography
  12. Physical and environmental security
  13. Operation Security – Procedures and responsibilities, Protection from malware, Backup, Logging and monitoring, Control of operational software, Technical vulnerability management and Information systems audit coordination
  14. Communication security – Network security management and Information transfer
  15. System acquisition, development and maintenance – Security requirements of information systems, Security in development and support processes and Test data
  16. Supplier relationships – Information security in supplier relationships and Supplier service delivery management
  17. Information security incident management – Management of information security incidents and improvements
  18. Information security aspects of business continuity management – Information security continuity and Redundancies
  19. Compliance – Compliance with legal and contractual requirements and Information security reviews

Source: Wikipedia.