
Standard of the month – cybersecurity with 27002

This issue, we shed light on a standard of relevance to many: AS/NZS ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection – Information security controls.


Safer Internet Day, celebrated on the second day of the second week of the second month, was a day to acknowledge the need for safer online activities for all, and act. From banking to business, social interaction to shopping, education to entertainment, using the internet safely begins with trust. That security is often underpinned by standards, such as those on information security management systems.

Supporting safe internet use

While the European Commission-led Safer Internet Day was initially established to protect children and young people, all users of the internet need protection for their information regardless of age or circumstance. In an interconnected world, all users’ information throughout its life cycle – from creation to disposal – requires protection as part of an information security management system. Standards like AS/NZS ISO/IEC 27002:2022 set the path for a consistent and proven method that is developed and agreed by experts. AS/NZS ISO/IEC 27002:2022 advises on a range of organisational controls, people controls, physical controls, and technology controls to address.

Handling data? You need standards

Both the standard and the importance of safety raised through campaigns like Safer Internet Day are relevant to organisations of all types and sizes. If you create, collect, process, store, transmit or dispose of information in its many forms, you need systematic controls. This applies equally to public bodies, commercial and non-profit organisations, and smaller start-ups.

Since information technology sits across such a broad user base, the original standard was developed by a joint committee representing both ISO (International Organization for Standardization) and IEC (International Electrotechnical Commission). AS/NZS ISO/IEC 27002:2022 was adopted jointly for Australian and New Zealand applications with representation on the committee from New Zealand’s Department of Internal Affairs, Waikato University, and Joint Accreditation System of Australia and New Zealand (JAS-ANZ) among many other Australasian academic institutions, consumer affairs organisations and industry groups.

Take action

While the internet crosses regulatory borders and in many aspects is subject to self-regulation, smart organisations and decision-makers would ensure policy and practice are built on standards. Reassuring users of safety is paramount, especially when they are accessing and providing data for central or local government.

You can buy AS/NZS ISO/IEC 27002:2022 through our website.

AS/NZS ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection – Information security controls

We are also working on bringing you our cybersecurity collection of standards containing a range of data protection standards for every business. Available soon.