ISO IEC 27002 is a comprehensive information security standard.

It takes a very broad approach. In the context of this standard, the term information includes all forms of data, documents, communications, conversations, messages, recordings, and photographs. It includes all forms of information.

Security Policy Management

Provide management direction and support

Develop your information security policies

Review your information security policies

Corporate Security Management

Establish an internal information security organization

Allocate information security roles and responsibilities

Segregate conflicting duties and responsibilities

Personnel Security Management

Emphasize security prior to employment

Verify the backgrounds of all new personnel

Use contracts to protect your information

Emphasize security during employment

Expect your managers to emphasize security

Deliver information security awareness programs

Set up a disciplinary process for security breaches

Emphasize security at termination of employment

Emphasize post-employment security requirements

Organizational Asset Management

Establish responsibility for corporate assets

Compile an inventory of assets associated with information

Select owners for all assets associated with your information

Prepare acceptable use rules for assets associated with information

Return all assets associated with information upon termination

Develop an information classification scheme

Classify your organization’s information

Establish information labeling procedures

Develop asset handling procedures

Control how physical media are handled

Manage removable media

Manage the disposal of media

Manage the transfer of media