Saturday, January 10, 2009

What Are ISO 27001 and ISO 27002?

ISO 27002 is based upon the 17799 standard, and is described as a set of information security controls representing "best practices in information security". The intent is that controls are selected from this set when implementing a security strategy. The document was originally published by the DTI in the United Kingdom as a 'code of practice', and was later published as BS7799-1. This was then republished as ISO 17799 (which was again updated in 2005), which in turn became ISO 27002 in 2007.
