Information Security Framework

The University of North Carolina Information Security Council (UNC ISC) recommends the adoption of ISO 27002 as the IT security framework for the UNC System. As such, all campuses that are part of the UNC System are advised to use ISO 27002 as a baseline standard for developing their own institutional IT security policies.

Per this UNC System recommendation, NC State University has adopted ISO 27002 as the information security framework.

NOTE:  ISO 27002 is also known as the following:

• International Standard — ISO/IEC 27002
• ISO/IEC 27002 Information Technology — Security Techniques — Code of Practice for Information Security Management

For additional information regarding the adoption of ISO 27002, see the following:

• UNC System Adoption Process (revised in 2017)
• NC State Adoption Letter

ISO 27002 License

As shown in the following PDFs, the complete ISO 27002 standard is licensed to North Carolina State University by the American National Standard Institute (ANSI) via a site license through the UNC System Office (formerly known as UNC – General Administration):

• ISO/IEC 27002  Second Edition, 2013 (complete standard)
• ISO/IEC 27002 Site License

Restrictions

Downloading, distributing or copying the ISO 27002 standard or site license is restricted to authorized users; that is, students, faculty and staff with Unity login credentials.

Additional References

• ISO 27000:2018  (Information Security Management Systems — Overview and Vocabulary)
• ISO 27001:2013  (Information Security Management Systems — Requirements)
• ISO 27003:2017  (Information Security Management System — Guidance)
• ISO 27004:2016  (Information Security Management — Monitoring, Measurement, Analysis and Evaluation)
• ISO 27005:2018  (Information Security Risk Management)