ISO/IEC 27002

ISO/IEC 27002:2013 provides guidance on organizational information security standards and information security management practices, including the selection, implementation, and management of controls that take into account the organization's information security risk environment. ISO/IEC 27002:2013 is designed to be used by organizations implementing information security management systems based on ISO/IEC 27001, implementing generally accepted information security controls, or developing their own information security management guidelines. This standard is used as a reference to selecting control in the process of implementing an information security management system and can help organizations build confidence in inter-organizational activities and implement appropriate controls, including policies, processes, organizational structures, and software and hardware features.

· ISO/IEC 27002 enables individuals to understand basic guidelines to help implement, maintain and improve information security management systems within an organization. Individuals can acquire the methods and skills used to implement information security controls to effectively manage their organization's information security management system (ISMS) and respond appropriately to the various information security risks of their organization.
· For the effective application of ISO/IEC 27002, companies and industries need qualified experts. The purpose of the ISO/IEC 27002 training course is to provide the certification body, businesses and industries with the confidence that auditors and individuals trained through this program are eligible.

· As part of the certification process, assessments will be conducted against requirements that reflect the key skills, knowledge and experience that define eligibility. The ISO/IEC 27002 training program is based on the ISO/IEC 27002 standard, and is based on the audit guidance standard ISO 19011:2018.