The Information Security Standard ISO/IEC 27002 is divided into eleven main sections. Section 2 is Organising Information Security.
The Organising Information Security section should describe:
Many companies will have a management structure that can support information security without major changes. In such companies, the only requirement may be that a few committees have "information security report" as a standard agenda item.
An organisational security structure should be detailed, indicating:
At the top of the structure should be the Board (or equivalent), which has overall responsibility for the organisation. Those responsible for following the policies and procedures should be arranged in a hierarchy below this level.
Organisational security must include temporary staff, contractors and third parties with access to sites, equipment, people or information.