Hey everyone. I am looking for some input into ISO 27002. I am doing a career change for LE (20 years) into IT Security. I think ISO 27002 is the better frameworks because it has both a physical and IT security component to it. The downside is there is a cost to keep both of those up to standards. Have you had any issues with this framework? If so how did you overcome those issues?