ISO 17799

ISO/IEC 17799 is an information security standard published by the International Organization for Standardization in 2000, based on an earlier British Standard, BS 7799, and entitled Information technology - Code of practice for information security management.

Whereas the scope of ISO/IEC 17799 is restricted to the code of practice, BS 7799 is in two parts, the second entitled Information security management systems - Part 2: Specification with guidance for use.

Both of these standards are now globally recognized, and a certification system for Information Security Management Systems (ISMSs) based on the second part of the standard is well established.

ISO/IEC 17799 (BS 7799-1) provide "recommendations for information security management for use by those ... responsible for ... implementing ... security in their organization". The second part of BS 7799 specifies requirements for ISMSs.

The code of practice covers the following subject matter:

Security policy
Organizational security
Asset classification and control
Personnel security
Physical and environmental security
Communications and operations management
Access control
Systems development and maintenance
Business continuity management
Compliance

[Top]

Reference

BS ISO/IEC 17799:2000
BS 7799-2:2002

[Top]


View Live Article	This article is from Wikipedia. All text is available under the terms of the GNU Free Documentation License