How ISO/IEC 17799 works in practice
ISO/IEC 17799:2000 defines 127 security controls, structured under 10 major headings, so that readers can identify the safeguards appropriate to their business or area of responsibility. These controls are broken down into further detailed controls, bringing the overall number to roughly 5000 controls and elements of best practice.
The history of the standard
The origin of ISO/IEC 17799 goes back to the days of the UK Department of Trade and Industry's (DTI) Commercial Computer Security Centre (CCSC). Founded in May 1987, the CCSC had two major tasks. The first was to help vendors of IT security products by establishing a set of internationally recognised security evaluation criteria and an associated evaluation and certification scheme. This ultimately gave rise to the ITSEC and the establishment of the UK ITSEC Scheme. The second task was to help users by producing a code of good security practice and resulted in a "Users Code of Practice" that was published in 1989.
What the future holds for ISO/IEC 17799
ISO/IEC 17799:2000 is under revision, and the revised standard is expected to be complete in late 2004 or early 2005. The most significant change is expected to be in the layout of the controls, which will clearly distinguish between the requirement, implementation guidance and further information. Some rationalisation is also anticipated, with a number of new controls added and existing controls better explained.
Whether ISO/IEC 17799 applies to you
To help you find out whether ISO/IEC 17799 applies to your organization, we have constructed this simple questionnaire. To use it, answer the questions and submit. We will then tell you how interested in ISO/IEC 17799 (and its sister standard, BS7799-2) you ought to be, and the likely scope of certification you require.
Information Security Management System Using BS7799: Part 1
This paper comprises three parts. This part provides background and introduces the standard.
Information Security Management System Using BS7799: Part 2
This paper comprises three parts. The first part provided background and introduced the standard. This part provides the interpretation of the standard and some of the key areas in its implementation.
Information Security Management System Using BS7799: Part 3
This paper comprises three parts. This final part describes the structure of, and the steps involved in, certification to BS7799.
International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management
The National Institute of Standards and Technology's (NIST's) Information Technology Laboratory developed this Frequently Asked Questions (FAQ) document in response to the high level of interest in the standard. The FAQ addresses a number of questions being asked by people in both government and industry about ISO/IEC 17799:2000, Code of Practice for Information Security Management.