ISO/IEC 17799:2005

ISO/IEC 17799 is entitled "Information technology - Security techniques - Code of practice for information security management". An earlier version of the standard, published in 2000, was essentially a word-for-word copy of BS 7799-1:1999 from BSI (the British Standards Institute).

ISO/IEC 17799:2005 makes best-practice recommendations for information security management, intended for those who start, implement or maintain information security management systems. According to the standard, "information security" involves ensuring that information can only be accessed by those who are authorized, safeguarding the accuracy and completeness of data and processing methods, and making information available to authorized users when they need it.

There are twelve main sections in the ISO/IEC 17799:2005 standard:

  • Risk assessment and treatment
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

The standard identifies and outlines information security control objectives for each of these sections. It also provides guidance on how to implement each objective. Companies are expected to carry out well-structured information security risk assessments to determine their requirements before deciding which controls to apply. The standard does not mandate specific controls, because no general-purpose standard can address every control that may be needed.

About IT and Software Quality Systems
Standards ensure quality. Quality is obviously important in information technology, whether it be in hardware, software, or networks. Standardized interfaces, for instance, can allow diverse devices and applications to function together. Standards are also vital to computer security and information privacy. When standards exist, all benefit from advances in electronic and mobile commerce.


© 2008 Omnex Inc, USA. All rights reserved