What the HELL is ISO 27001 & ISO 27002?
What is ISO 27001?
ISO 27001 is the information security management system specification, and it's the specification that your organization - or an organization you're involved with - can adopt to unpack and understand the information security risks in your organization, and start to define and implement controls to manage those risks.
It's also a key part of the Business Improvement aspect of the management system in your organization as it identifies things like the controls and processes you're going to follow and implement in your organization the monitoring and measurement requirements to track your information security performance in the organization, as well as the controls for conducting internal reviews to look for opportunities for improvement and undertake a management review.
At the beginning of the ISO 27001 standard, there's a whole piece on business planning and its integrated business planning that is part of looking at all of the integrated risks across your organization.
What is ISO 27002?
ISO 27002 is the code of practice for information security controls and it is complementary to ISO 27001 the information security management system specification.