Information technology — Security techniques — Code of practice for information security controls
ISO/IEC 27002:2013 gives guidelines for organizational information security standards and information security management practices including the selection, implementation and management of controls taking into consideration the organization’s information security risk environment(s).
It is designed to be used by organizations that intend to:
select controls within the process of implementing an Information Security Management System based on ISO/IEC 27001;
implement commonly accepted information security controls;
develop their own information security management guidelines.