An Introduction To
Introduction

This part of the course is based on the eleven sections of ISO27002. In each section the top-level objectives are copied directly from the standard, and the accompanying commentary is designed to explore the rationale behind their inclusion. The 'Things to Watch' section indicates common failures of implementation found during implementation or certification audits and how to ensure that they do not affect you.

The eleven sections of ISO27002 are:

· Section 1. Security policy
· Section 2. Organisation of information security
· Section 3. Asset management
· Section 4. Human resources security
· Section 5. Physical and environmental security
· Section 6. Communications and operations management
· Section 7. Access control
· Section 8. Information systems acquisition, development and maintenance
· Section 9. Information security incident management
· Section 10. Business continuity management
· Section 11. Compliance

The text below is not intended to replace ISO 27002 but to supplement and complement it. The text should be read in association with the standards.
The Security Practitioner: An Introduction to Information Security