ISO 27001 and 27002 Review
The ISO (International Organization for Standardization) 27001 standard, published jointly with the IEC as ISO/IEC 27001:2005, was released in October 2005, essentially replacing the old BS 7799-2 standard.
Information security management systems — Requirements = ISO 27001
It is the specification for an ISMS, an Information Security Management System: the auditable set of requirements an organization is certified against, as distinct from the control guidance in ISO 27002.
The objective of the standard itself is to "provide a model for establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an Information Security Management System."
It employs the PDCA (Plan-Do-Check-Act) model to structure the ISMS processes: Plan (establish the ISMS), Do (implement and operate it), Check (monitor and review it), Act (maintain and improve it).
Code of practice for information security management = ISO 27002
The ISO 27002 standard is the renamed ISO 17799 standard, and is a code of practice for information security management. It outlines the potential controls and control mechanisms (133 controls in 11 clauses in the 2005 edition, mirrored in Annex A of ISO 27001) with implementation guidance for each. Which of those controls an organization actually implements is decided through the risk assessment and Statement of Applicability required by ISO 27001, so 27002 describes the controls while 27001 governs their selection.