Network Security Library

ISO/IEC 17799


ISO/IEC 17799 provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining information security management systems. Information security is defined within the standard as the preservation of confidentiality (ensuring that information is accessible only to those authorised to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorised users have access to information and associated assets when required).

ISO/IEC 17799 contains the following ten main sections: Within each section, information security control objectives are specified, and a range of controls is outlined that are generally regarded as best-practice means of achieving those objectives. Specific controls are not mandated, because (a) each organization is expected to undertake a structured information security risk assessment to determine its requirements before selecting the controls appropriate to its particular circumstances (the introduction outlines a risk assessment process, although more specific standards cover this area, such as ISO Technical Report TR 13335 GMITS Part 3 - Guidelines for the management of IT security - Security Techniques); and (b) it is practically impossible to list every conceivable control in a general-purpose standard.

ISO/IEC 17799 has directly equivalent national standards in countries such as Australia and New Zealand (AS/NZS 4444), the Netherlands (SPE 20003), Sweden (SS 627799), Japan (JIS X 5080) and the United Kingdom (BS7799:1999 Part 1, the original British Standard, which became, word for word, ISO/IEC 17799:2000). The second part of BS7799 (BS7799:2002 Part 2, Information security management systems - Part 2: Specification with guidance for use) specifies requirements for establishing, implementing, maintaining and improving an information security management system consistent with the best practices outlined in ISO/IEC 17799. Organizations may be officially certified against BS7799-2 (or its national equivalents) by certification/registration bodies accredited by the relevant national standards organizations.


This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "ISO/IEC 17799".

Unless otherwise noted, all paper copyrights are owned by the author. The rest copyright 2003-2005 TechTarget
