: It covers universal procedures like access control, cryptography, and physical security, but it is not tailored to any specific sector.
ISO/IEC 27002 is a generic "code of practice" for information security. It provides a comprehensive set of reference controls designed to help organizations of any size or industry manage their security risks. The ISO/IEC 27002 and ISO/IEC 27799 Information...
: Organizations cannot be certified directly against ISO/IEC 27002; instead, they use it as a reference to implement the requirements of ISO/IEC 27001. ISO/IEC 27799: The Healthcare Lens : It covers universal procedures like access control,