ISO 17799 is an information security standard published and most recently revised in June 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It is entitled Information technology - Security techniques - Code of practice for information security management. The current standard is a revision of the version published in 2000, which was a word-for-word copy of the British Standard (BS) 7799-1:1999.

ISO 17799 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS).

ISO 27001 (Information technology - Security techniques - Information security management systems - Requirements) specifies a number of requirements for establishing, implementing, maintaining and improving an information security management system consistent with the best practices outlined in ISO 17799.
Copyright ©2009 What-is.Net. All rights reserved.
Last Updated: Sep 2009
What is ISO 17799?
ISO 27001 replaced BS 7799-2:2002: Information security management systems - Specification with guidance for use. Previously, organizations could only be officially certified against the British Standard (or its national equivalents) by certification/registration bodies accredited by the relevant national standards organizations. The international standard can now be used for certification.

ISO 17799 gives some guidance in the form of 'legislative essentials' and 'common best practice' under its information security "starting point" section.

These are:
- intellectual property rights (12.1.2)
- safeguarding of organizational records (12.1.3)
- data protection and privacy of personal information (12.1.4)
- information security policy document (3.1.1)
- allocation of information security responsibilities (4.1.3)
- information security education and training (6.2.1)
- reporting security incidents (6.3.1)
- business continuity management (11.1)