ISO 9000, Six Sigma, ISO 17799, ISO 14000, ITIL, BS15000... and Many More
BSI describe ISO 17799 / BS7799 as "a standard setting out the requirements for an Information Security Management System. It helps identify, manage and minimize the range of threats to which information is regularly subjected"
The two documents are as follows. The first, ISO/IEC 17799 (Code of practice for information security management), comprises 127 controls under 36 control objectives, organized into 10 sections: Security policy; Organizational security; Asset classification and control; Personnel security; Physical and environmental security; Communications and operations management; Access control; Systems development and maintenance; Business continuity management; Compliance. The second, BS 7799-2 (the specification for an information security management system), defines the information security management system (ISMS) against which an organization can be registered; certification is carried out against this specification, not against the code of practice.
Specification:
Pub Id : BS ISO/IEC
Status : Current
Title : Information technology. Code of practice for information security management
International relationships : ISO/IEC 17799:2000 IDT (identical to the international standard)
ICS Classification : 35.020;35.040
Committee Ref : IST/33
ISBN : 0 580 36958 7
Identifier Notes : Also numbered BS 7799-1:2000.
Replaces : BS 7799-1:1999
Selected Books
The Turnbull report has focused interest in this issue by setting out how directors of listed companies must comply with the UK's Combined Code requirements in respect of internal controls, covering financial, risk management and operational controls, and specifically operational controls from an IT perspective. By underlining the importance of IT governance as a critical aspect of corporate governance, the report establishes "best practice" for any organization, public or private, large or small. The development of IT governance, which recognizes the convergence between business management and IT management, makes it essential for managers at all levels of the organization to adopt "best practice" in information security. Adopting BS 7799 or ISO 17799 gives organizations a recognized benchmark for doing so. This handbook guides managers through the maze of issues involved in effective information security management and shows how to introduce reliable management controls. In so doing, it also covers in detail the process of achieving BS 7799 certification (note that registration is against the BS 7799-2 specification; ISO 17799 itself is a code of practice and is not a certification standard). It is a resource for directors and senior managers in organizations of all sorts and sizes, but particularly those with well-developed internal IT systems and those focused on e-commerce. Coverage includes: why information security is necessary; the Combined Code and the Turnbull Report; BS 7799 and the benefits of certification; information security management; information security policy and scope; the risk assessment and statement of applicability; security of third-party access and outsourcing; asset classification and control; personnel security; physical and environmental security; equipment security; general security controls; communications and operations management; controls against malicious software (malware); and housekeeping, network management and media handling.
The RUsecure Security Policies are, according to their blurb, 'aligned' specifically with ISO 17799.