Quiz Entry - updated: 2026.07.14
What are the 14 domains (chapters 5-18) of ISO 27002?
ISO 27002 organizes its 114 controls into 14 domains covering everything from security policies and access control to compliance and business continuity.
The 14 domains are:
| # | Domain |
|---|---|
| 5 | Information security policies |
| 6 | Organization of information security |
| 7 | Human resource security |
| 8 | Asset management |
| 9 | Access control |
| 10 | Cryptography |
| 11 | Physical and environmental security |
| 12 | Operations security |
| 13 | Communications security |
| 14 | System acquisition, development and maintenance |
| 15 | Supplier relationships |
| 16 | Information security incident management |
| 17 | Information security aspects of business continuity management |
| 18 | Compliance |
Structure within each domain: Domain > Control Objective (35 total) > Control (114 total). For example, Domain 9 "Access Control" has the objective "To limit access to information" and contains specific controls like "Access control policy."
Tip: You don't need to memorize all 14 by number, but you should be able to name at least 5-6 key domains and understand that they cover the full spectrum from people to technology to processes.