Educause Security Discussion mailing list archives
ISO27002 vs ISO27006
From: Dan Sarazen <dsarazen () BRANDEIS EDU>
Date: Mon, 15 Sep 2014 07:23:13 -0400
Good Morning,

I have a school (Not Brandeis) that is using ISO27006 as the foundation for their Information Security Policy. I'm used to seeing IS policies based on ISO27002 or even the NIST 800 series. My understanding of ISO27006 is that it outlines the audit processes organizations should use to audit and certify their process, versus ISO27002 which is an actual suite of controls that should be considered.

Does anyone have any feedback on this?

Thanks
Dan