BS7799 / ISO17799
ISO / IEC 17799 (Part 1)
The international standard ISO/IEC 17799 was developed by the British Standards Institution (BSI) as BS 7799. It was adopted through a special “fast track procedure” by the JTC 1 (Joint ISO/IEC Technical Committee), concurrently with its approval by the national member institutes of ISO and the IEC.
ISO/IEC 17799 is presented in the form of guidelines and recommendations that were assembled following consultations with big business. The 36 security objectives and 127 security controls contained in ISO/IEC 17799 are divided among ten domains. The following is a brief overview of each of these domains:
1. Security Policy - Provide guidelines and management advice for improving information security.
2. Organizational Security - Facilitate information security management within the organization.
3. Asset Classification and Control - Carry out an inventory of assets and protect these assets effectively.
4. Personnel Security - Minimize the risks of human error, theft, fraud or the abusive use of equipment.
5. Physical and Environmental Security - Prevent the violation, deterioration or disruption of industrial facilities and data.
6. Communications and Operations Management - Ensure the adequate and reliable operation of information processing devices.
7. Access Control - Control access to information.
8. Systems Development and Maintenance - Ensure that security is incorporated into information systems.
9. Business Continuity Management - Minimize the impact of business interruptions and protect the company’s essential processes from failure and major disasters.
10. Compliance - Avoid any breach of criminal or civil law, of statutory or contractual requirements, and of security requirements.