{"id":415481,"date":"2024-10-20T06:05:27","date_gmt":"2024-10-20T06:05:27","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-iso-iec-270022022\/"},"modified":"2024-10-26T11:19:31","modified_gmt":"2024-10-26T11:19:31","slug":"bs-en-iso-iec-270022022","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-iso-iec-270022022\/","title":{"rendered":"BS EN ISO\/IEC 27002:2022"},"content":{"rendered":"<h4>PDF Catalog<\/h4>\n<table border=\"1px\" class=\"des-table\">\n<tr>\n<th>PDF Pages<\/th>\n<th>PDF Title<\/th>\n<\/tr>\n<tr>\n<td><b>2<b><\/td>\n<td>undefined  <\/td>\n<\/tr>\n<tr>\n<td><b>4<b><\/td>\n<td>European foreword <br \/> Endorsement notice  <\/td>\n<\/tr>\n<tr>\n<td><b>8<b><\/td>\n<td>Foreword   <\/td>\n<\/tr>\n<tr>\n<td><b>9<b><\/td>\n<td>Introduction   <\/td>\n<\/tr>\n<tr>\n<td><b>13<b><\/td>\n<td>1 Scope  <br \/> 2 Normative references  <br \/> 3 Terms, definitions and abbreviated terms  <br \/> 3.1 Terms and definitions   <\/td>\n<\/tr>\n<tr>\n<td><b>18<b><\/td>\n<td>3.2 Abbreviated terms   <\/td>\n<\/tr>\n<tr>\n<td><b>19<b><\/td>\n<td>4 Structure of this document  <br \/> 4.1 Clauses   <\/td>\n<\/tr>\n<tr>\n<td><b>20<b><\/td>\n<td>4.2 Themes and attributes   <\/td>\n<\/tr>\n<tr>\n<td><b>21<b><\/td>\n<td>4.3 Control layout  <br \/> 5 Organizational controls  <br \/> 5.1 Policies for information security   <\/td>\n<\/tr>\n<tr>\n<td><b>23<b><\/td>\n<td>5.2 Information security roles and responsibilities   <\/td>\n<\/tr>\n<tr>\n<td><b>24<b><\/td>\n<td>5.3 Segregation of duties   <\/td>\n<\/tr>\n<tr>\n<td><b>25<b><\/td>\n<td>5.4 Management responsibilities   <\/td>\n<\/tr>\n<tr>\n<td><b>26<b><\/td>\n<td>5.5 Contact with authorities   <\/td>\n<\/tr>\n<tr>\n<td><b>27<b><\/td>\n<td>5.6 Contact with special interest groups  <br \/> 5.7 Threat intelligence   <\/td>\n<\/tr>\n<tr>\n<td><b>29<b><\/td>\n<td>5.8 Information security in project management   <\/td>\n<\/tr>\n<tr>\n<td><b>30<b><\/td>\n<td>5.9 Inventory of information and other associated assets   <\/td>\n<\/tr>\n<tr>\n<td><b>32<b><\/td>\n<td>5.10 Acceptable use of information and other associated assets   <\/td>\n<\/tr>\n<tr>\n<td><b>33<b><\/td>\n<td>5.11 Return of assets   <\/td>\n<\/tr>\n<tr>\n<td><b>34<b><\/td>\n<td>5.12 Classification of information   <\/td>\n<\/tr>\n<tr>\n<td><b>35<b><\/td>\n<td>5.13 Labelling of information   <\/td>\n<\/tr>\n<tr>\n<td><b>36<b><\/td>\n<td>5.14 Information transfer   <\/td>\n<\/tr>\n<tr>\n<td><b>39<b><\/td>\n<td>5.15 Access control   <\/td>\n<\/tr>\n<tr>\n<td><b>41<b><\/td>\n<td>5.16 Identity management   <\/td>\n<\/tr>\n<tr>\n<td><b>42<b><\/td>\n<td>5.17 Authentication information   <\/td>\n<\/tr>\n<tr>\n<td><b>44<b><\/td>\n<td>5.18 Access rights   <\/td>\n<\/tr>\n<tr>\n<td><b>45<b><\/td>\n<td>5.19 Information security in supplier relationships   <\/td>\n<\/tr>\n<tr>\n<td><b>47<b><\/td>\n<td>5.20 Addressing information security within supplier agreements   <\/td>\n<\/tr>\n<tr>\n<td><b>49<b><\/td>\n<td>5.21 Managing information security in the ICT supply chain   <\/td>\n<\/tr>\n<tr>\n<td><b>51<b><\/td>\n<td>5.22 Monitoring, review and change management of supplier services   <\/td>\n<\/tr>\n<tr>\n<td><b>53<b><\/td>\n<td>5.23 Information security for use of cloud services   <\/td>\n<\/tr>\n<tr>\n<td><b>55<b><\/td>\n<td>5.24 Information security incident management planning and preparation   <\/td>\n<\/tr>\n<tr>\n<td><b>57<b><\/td>\n<td>5.25 Assessment and decision on information security events  <br \/> 5.26 Response to information security incidents   <\/td>\n<\/tr>\n<tr>\n<td><b>58<b><\/td>\n<td>5.27 Learning from information security incidents   <\/td>\n<\/tr>\n<tr>\n<td><b>59<b><\/td>\n<td>5.28 Collection of evidence   <\/td>\n<\/tr>\n<tr>\n<td><b>60<b><\/td>\n<td>5.29 Information security during disruption  <br \/> 5.30 ICT readiness for business continuity   <\/td>\n<\/tr>\n<tr>\n<td><b>62<b><\/td>\n<td>5.31 Legal, statutory, regulatory and contractual requirements   <\/td>\n<\/tr>\n<tr>\n<td><b>63<b><\/td>\n<td>5.32 Intellectual property rights   <\/td>\n<\/tr>\n<tr>\n<td><b>65<b><\/td>\n<td>5.33 Protection of records   <\/td>\n<\/tr>\n<tr>\n<td><b>66<b><\/td>\n<td>5.34 Privacy and protection of PII   <\/td>\n<\/tr>\n<tr>\n<td><b>67<b><\/td>\n<td>5.35 Independent review of information security   <\/td>\n<\/tr>\n<tr>\n<td><b>68<b><\/td>\n<td>5.36 Compliance with policies, rules and standards for information security   <\/td>\n<\/tr>\n<tr>\n<td><b>69<b><\/td>\n<td>5.37 Documented operating procedures   <\/td>\n<\/tr>\n<tr>\n<td><b>70<b><\/td>\n<td>6 People controls  <br \/> 6.1 Screening   <\/td>\n<\/tr>\n<tr>\n<td><b>71<b><\/td>\n<td>6.2 Terms and conditions of employment   <\/td>\n<\/tr>\n<tr>\n<td><b>72<b><\/td>\n<td>6.3 Information security awareness, education and training   <\/td>\n<\/tr>\n<tr>\n<td><b>74<b><\/td>\n<td>6.4 Disciplinary process   <\/td>\n<\/tr>\n<tr>\n<td><b>75<b><\/td>\n<td>6.5 Responsibilities after termination or change of employment  <br \/> 6.6 Confidentiality or non-disclosure agreements   <\/td>\n<\/tr>\n<tr>\n<td><b>77<b><\/td>\n<td>6.7 Remote working   <\/td>\n<\/tr>\n<tr>\n<td><b>78<b><\/td>\n<td>6.8 Information security event reporting   <\/td>\n<\/tr>\n<tr>\n<td><b>79<b><\/td>\n<td>7 Physical controls  <br \/> 7.1 Physical security perimeters   <\/td>\n<\/tr>\n<tr>\n<td><b>80<b><\/td>\n<td>7.2 Physical entry   <\/td>\n<\/tr>\n<tr>\n<td><b>82<b><\/td>\n<td>7.3 Securing offices, rooms and facilities  <br \/> 7.4 Physical security monitoring   <\/td>\n<\/tr>\n<tr>\n<td><b>83<b><\/td>\n<td>7.5 Protecting against physical and environmental threats   <\/td>\n<\/tr>\n<tr>\n<td><b>84<b><\/td>\n<td>7.6 Working in secure areas   <\/td>\n<\/tr>\n<tr>\n<td><b>85<b><\/td>\n<td>7.7 Clear desk and clear screen   <\/td>\n<\/tr>\n<tr>\n<td><b>86<b><\/td>\n<td>7.8 Equipment siting and protection   <\/td>\n<\/tr>\n<tr>\n<td><b>87<b><\/td>\n<td>7.9 Security of assets off-premises   <\/td>\n<\/tr>\n<tr>\n<td><b>88<b><\/td>\n<td>7.10 Storage media   <\/td>\n<\/tr>\n<tr>\n<td><b>89<b><\/td>\n<td>7.11 Supporting utilities   <\/td>\n<\/tr>\n<tr>\n<td><b>90<b><\/td>\n<td>7.12 Cabling security   <\/td>\n<\/tr>\n<tr>\n<td><b>91<b><\/td>\n<td>7.13 Equipment maintenance   <\/td>\n<\/tr>\n<tr>\n<td><b>92<b><\/td>\n<td>7.14 Secure disposal or re-use of equipment   <\/td>\n<\/tr>\n<tr>\n<td><b>93<b><\/td>\n<td>8 Technological controls  <br \/> 8.1 User endpoint devices   <\/td>\n<\/tr>\n<tr>\n<td><b>95<b><\/td>\n<td>8.2 Privileged access rights   <\/td>\n<\/tr>\n<tr>\n<td><b>96<b><\/td>\n<td>8.3 Information access restriction   <\/td>\n<\/tr>\n<tr>\n<td><b>98<b><\/td>\n<td>8.4 Access to source code   <\/td>\n<\/tr>\n<tr>\n<td><b>99<b><\/td>\n<td>8.5 Secure authentication   <\/td>\n<\/tr>\n<tr>\n<td><b>101<b><\/td>\n<td>8.6 Capacity management   <\/td>\n<\/tr>\n<tr>\n<td><b>102<b><\/td>\n<td>8.7 Protection against malware   <\/td>\n<\/tr>\n<tr>\n<td><b>104<b><\/td>\n<td>8.8 Management of technical vulnerabilities   <\/td>\n<\/tr>\n<tr>\n<td><b>107<b><\/td>\n<td>8.9 Configuration management   <\/td>\n<\/tr>\n<tr>\n<td><b>109<b><\/td>\n<td>8.10 Information deletion   <\/td>\n<\/tr>\n<tr>\n<td><b>110<b><\/td>\n<td>8.11 Data masking   <\/td>\n<\/tr>\n<tr>\n<td><b>112<b><\/td>\n<td>8.12 Data leakage prevention   <\/td>\n<\/tr>\n<tr>\n<td><b>113<b><\/td>\n<td>8.13 Information backup   <\/td>\n<\/tr>\n<tr>\n<td><b>114<b><\/td>\n<td>8.14 Redundancy of information processing facilities   <\/td>\n<\/tr>\n<tr>\n<td><b>115<b><\/td>\n<td>8.15 Logging   <\/td>\n<\/tr>\n<tr>\n<td><b>118<b><\/td>\n<td>8.16 Monitoring activities   <\/td>\n<\/tr>\n<tr>\n<td><b>120<b><\/td>\n<td>8.17 Clock synchronization   <\/td>\n<\/tr>\n<tr>\n<td><b>121<b><\/td>\n<td>8.18 Use of privileged utility programs   <\/td>\n<\/tr>\n<tr>\n<td><b>122<b><\/td>\n<td>8.19 Installation of software on operational systems   <\/td>\n<\/tr>\n<tr>\n<td><b>123<b><\/td>\n<td>8.20 Networks security   <\/td>\n<\/tr>\n<tr>\n<td><b>124<b><\/td>\n<td>8.21 Security of network services   <\/td>\n<\/tr>\n<tr>\n<td><b>125<b><\/td>\n<td>8.22 Segregation of networks   <\/td>\n<\/tr>\n<tr>\n<td><b>126<b><\/td>\n<td>8.23 Web filtering   <\/td>\n<\/tr>\n<tr>\n<td><b>127<b><\/td>\n<td>8.24 Use of cryptography   <\/td>\n<\/tr>\n<tr>\n<td><b>129<b><\/td>\n<td>8.25 Secure development life cycle   <\/td>\n<\/tr>\n<tr>\n<td><b>130<b><\/td>\n<td>8.26 Application security requirements   <\/td>\n<\/tr>\n<tr>\n<td><b>132<b><\/td>\n<td>8.27 Secure system architecture and engineering principles   <\/td>\n<\/tr>\n<tr>\n<td><b>134<b><\/td>\n<td>8.28 Secure coding   <\/td>\n<\/tr>\n<tr>\n<td><b>136<b><\/td>\n<td>8.29 Security testing in development and acceptance   <\/td>\n<\/tr>\n<tr>\n<td><b>138<b><\/td>\n<td>8.30 Outsourced development   <\/td>\n<\/tr>\n<tr>\n<td><b>139<b><\/td>\n<td>8.31 Separation of development, test and production environments   <\/td>\n<\/tr>\n<tr>\n<td><b>140<b><\/td>\n<td>8.32 Change management   <\/td>\n<\/tr>\n<tr>\n<td><b>141<b><\/td>\n<td>8.33 Test information   <\/td>\n<\/tr>\n<tr>\n<td><b>142<b><\/td>\n<td>8.34 Protection of information systems during audit testing   <\/td>\n<\/tr>\n<tr>\n<td><b>144<b><\/td>\n<td>Annex A (informative) Using attributes   <\/td>\n<\/tr>\n<tr>\n<td><b>155<b><\/td>\n<td>Annex B (informative) Correspondence of ISO\/IEC 27002:2022 (this document) with ISO\/IEC 27002:2013   <\/td>\n<\/tr>\n<tr>\n<td><b>162<b><\/td>\n<td>Bibliography   <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p><b>Information security, cybersecurity and privacy protection. Information security controls<\/b><\/p>\n<table class=\"shortdes-table\" style=\"width: 100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td>Published By<\/td>\n<td>Publication Date<\/td>\n<td>Number of Pages<\/td>\n<\/tr>\n<tr>\n<td><a href=\"https:\/\/pdfstandards.shop\/product-category\/publishers\/bsi\/\"><b>BSI<\/b><\/a><\/td>\n<td>2022<\/td>\n<td>166<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":415491,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[2641],"product_tag":[],"class_list":{"0":"post-415481","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-bsi","8":"first","9":"instock","10":"sold-individually","11":"shipping-taxable","12":"purchasable","13":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/415481","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/415491"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=415481"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=415481"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=415481"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}