How ISO/IEC 17799 works in practice
ISO/IEC 17799:2000 defines 127 security controls, grouped under 10 major headings, so that readers can identify the safeguards appropriate to their own business or area of responsibility. Many of these controls are broken down into further detailed controls, bringing the overall number to somewhere in the region of 5000+ controls and elements of best practice.
The history of the standard
The origin of ISO/IEC 17799 goes back to the UK Department of Trade and Industry's (DTI) Commercial Computer Security Centre (CCSC). Founded in May 1987, the CCSC had two major tasks. The first was to help vendors of IT security products by establishing a set of internationally recognised security evaluation criteria and an associated evaluation and certification scheme; this ultimately gave rise to the ITSEC and the establishment of the UK ITSEC Scheme. The second was to help users by producing a code of good security practice, which resulted in a "Users Code of Practice" published in 1989. That code evolved into British Standard BS 7799 Part 1 (first published in 1995 and revised in 1999), which was adopted as ISO/IEC 17799 in December 2000.
What the future holds for ISO/IEC 17799
ISO/IEC 17799:2000 is under revision, with completion expected in the late 2004 to early 2005 timeframe. The most significant change is expected to be in the layout of the controls, which will clearly distinguish between the requirement, its implementation guidance and further information. Some rationalisation is also anticipated: a number of new controls will be added and existing controls will be better explained.
International Standard ISO/IEC 17799:2000 Code of Practice for Information Security Management
The National Institute of Standards and Technology's (NIST's) Information Technology Laboratory developed this Frequently Asked Questions (FAQ) document in response to the high level of interest in the standard. The FAQ addresses a number of questions being asked by people in both government and industry about ISO/IEC 17799:2000, Code of Practice for Information Security Management.