Javascript Feeds: RSS Feed Security Dashboard (SearchSecurity.com)

Information Security Management System Using BS7799: Part 3
This paper comprises three parts. This final part examines the structure of, and the steps involved in, certification against BS7799.
04/14/2004

Information Security Management System Using BS7799: Part 2
This paper comprises three parts. The first part provided background and introduced the standard. This part provides an interpretation of the standard and covers some of the key areas in its implementation.
04/14/2004

Information Security Management System Using BS7799: Part 1
This paper comprises three parts. This part provides background and introduces the standard.
04/14/2004

ISO 17799 and the UK Data Protection Act
A paper designed to link the requirements of the Data Protection Act (1998) (DPA) with the guidance of ISO 17799, the Guideline for Information Security Management, to achieve more effective compliance with the DPA in IT processes.
04/14/2004

Whether ISO/IEC 17799 applies to you
To help you find out whether ISO/IEC 17799 applies to your organization, we have constructed this simple questionnaire. To use it, answer the questions and submit. We will then tell you how interested in ISO/IEC 17799 (and indeed its sister standard BS7799-2) you ought to be, and the likely scope of certification you require. The questions are written from a supplier's point of view. You can also answer them as a customer to determine the scope of certification your suppliers should have, if any.
02/19/2004

What the future holds for ISO/IEC 17799
ISO/IEC 17799:2000 is under revision and is expected to be complete in the late 2004 to early 2005 timeframe. The most significant change is expected to be in the layout of the controls, to clearly distinguish between the requirements, implementation guidance and further information. Some rationalisation is also anticipated, with the addition of some new controls and better explanation of existing controls.
02/19/2004

The history of the standard
The origin of ISO/IEC 17799 goes back to the days of the UK Department of Trade and Industry's (DTI) Commercial Computer Security Centre (CCSC). Founded in May 1987, the CCSC had two major tasks. The first was to help vendors of IT security products by establishing a set of internationally recognised security evaluation criteria and an associated evaluation and certification scheme. This ultimately gave rise to the ITSEC and the establishment of the UK ITSEC Scheme. The second task was to help users by producing a code of good security practice, and resulted in a "Users Code of Practice" that was published in 1989.
02/19/2004

How ISO/IEC 17799 works in practice
ISO/IEC 17799:2000 defines 127 security controls structured under 10 major headings, enabling readers to identify the particular safeguards that are appropriate to their business or specific area of responsibility. These security controls contain further detailed controls, bringing the overall number to somewhere in the region of 5000+ controls and elements of best practice. The standard stresses the importance of risk management and makes it clear that you do not have to implement every single guideline, only those that are relevant. The scope of the standard covers all forms of information, including voice and graphics, and media such as mobile phones and fax machines. The new standard recognises new ways of doing business, such as e-commerce, the Internet, outsourcing, tele-working and mobile computing.
02/19/2004