What is the primary focus of ISO/IEC 27002?

The primary focus of ISO/IEC 27002 is to provide a code of practice for information security controls. This international standard outlines best practices for establishing, implementing, maintaining, and improving information security management systems (ISMS). It offers a comprehensive set of controls that organizations can adopt to address various aspects of information security, including risk management, access control, asset management, and incident management.

The guidance presented in ISO/IEC 27002 assists organizations in selecting appropriate security controls based on their specific security requirements and risks. By following this standard, organizations can enhance their overall security posture, effectively manage information risk, and protect sensitive data from potential threats.

In contrast, other options focus on different areas such as financial auditing, workplace ethics, or personal data storage, which do not align with the specific area of information security that ISO/IEC 27002 addresses.