ISO/IEC 27002:2013 pdf free.Information technology — Security techniques — Code of practice for information security controls. It is essential that an organization identifies its security requirements. There are three main sources of security requirements: a) the assessment of risks to the organization, taking into account the organizations overall business strategy and objectives. Through a risk assessment, threats to assets are...