LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What are the 14 domains (chapters 5-18) of ISO 27002?

ISO 27002 organizes its 114 controls into 14 domains covering everything from security policies and access control to compliance and business continuity.

The 14 domains are:

# Domain
5 Information security policies
6 Organization of information security
7 Human resource security
8 Asset management
9 Access control
10 Cryptography
11 Physical and environmental security
12 Operations security
13 Communications security
14 System acquisition, development and maintenance
15 Supplier relationships
16 Information security incident management
17 Information security aspects of business continuity management
18 Compliance

Structure within each domain: Domain > Control Objective (35 total) > Control (114 total). For example, Domain 9 "Access Control" has the objective "To limit access to information" and contains specific controls like "Access control policy."

Tip: You don't need to memorize all 14 by number, but you should be able to name at least 5-6 key domains and understand that they cover the full spectrum from people to technology to processes.

From Quiz: ISM / Standards & Frameworks I (ISO, BSI) | Updated: Jul 14, 2026