The International Organization for Standardization (ISO)
ISO/IEC 27002 is known as the companion standard to ISO/IEC 27001, an international standard that outlines the specifications for an information security management system (ISMS) (Kosutic, 2020). The standards cover the controls that are a crucial part of information security management for all enterprises. The significant difference between ISO/IEC 27001 and ISO/IEC 27002 is that ISO/IEC 27002 pays considerable attention to the information control systems that organizations may decide to implement. It also focuses on personnel and offers a code of practice for individuals within an enterprise. ISO/IEC 27001, on the other hand, is the central framework of the ISO 27000 series and relates to different parts of information security management. ISO/IEC 27001 outlines each aspect of the information management system, while specific information is provided in the additional standards (Information Security Management, 2017).
References
Information Security Management. (2017). What is the difference between ISO/IEC 27001 and ISO/IEC 27002? Retrieved from https://pecb.com/article/what-is-the-difference-between-isoiec-27001-and-isoiec-27002
Irwin (2019). Understanding the differences between ISO 27001 and ISO 27002. Retrieved from https://www.itgovernance.co.uk/blog/understanding-the-differences-between-iso-27001-and-iso-27002
Kosutic, D. (2020). ISO 27001 vs. ISO 27002. Retrieved from https://advisera.com/27001academy/knowledgebase/iso-27001-vs-iso-27002