Compliance & Frameworks
ISO/IEC 27002
Also known as: ISO 27002, 27002
Definition
An international code of practice that provides detailed guidance and implementation advice for the information security controls listed in ISO/IEC 27001 Annex A. The 2022 edition (ISO/IEC 27002:2022) regroups the controls into four themes (organizational, people, physical, technological) and adds attributes such as control type and security property, which the 2022 revision of 27001 Annex A follows. Organizations are certified against ISO/IEC 27001, not 27002; 27002 itself is guidance, not a certifiable standard.
Examples
- A security architect using 27002 guidance to design access-management policies.
- A consultant mapping 27002 controls to client security policies.
Related terms
ISO/IEC 27001
The international standard specifying requirements for an Information Security Management System (ISMS), against which organizations can be formally certified.
NIST SP 800-53
A NIST publication providing a comprehensive catalog of security and privacy controls for U.S. federal information systems and many private-sector adopters.
Security Controls
Safeguards or countermeasures — technical, administrative, or physical — used to prevent, detect, or respond to threats against information assets.
Secure Coding
The practice of writing software so that it resists attack by design, through input validation, safe memory and error handling, least-privilege access to resources, and avoidance of known weakness classes such as injection and buffer overflows.
Compliance
The discipline of meeting legal, regulatory, contractual, and internal security requirements through documented controls, evidence collection, and ongoing assessment.
Security Posture
An organization's overall security status at a point in time: the combined effectiveness of its controls, the state of its hardware, software, networks and identities, and its ability to detect, respond to and recover from threats.