ISO 27002 has fourteen (14) main sections/ Clauses and about 200 controls :
- Risk assessment
- Security policy
- Organizational security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
- Compliance
- Privacy
- Cloud
Note: Check the USB for the list of controls (D:TemplateCommercial FrameworkISO)