What is ISO 27002?
ISO 27002 also known as “code of practice” is a low level reference / guide for implementing controls to mitigate information security risks. It exactly cross-references Annex A control objectives (14) and controls (114) without referencing the A in front of each control number. It is much lower level and descriptive than Annex A.
