Hello Nigel,

Right you are, I have totally forgotten about the 27002. To be honest, I have not read that 27002, but I have talked to people who have, and they seem to think it is an excellent standard. I personally prefer OWASP SAMM over the NIST standards. I find NIST very confusing, but OWASP standards ...