The revision of ISO/IEC 17799 is now available. This new version has been under development and in process for several years, and introduces a number of significant changes to the code of practice. The old version, which was originally published in December 2000, has been withdrawn with immediate effect, as is common with ISO standards.
The new standard now contains eleven 'core' chapters, as opposed to ten previously. The existing chapters have also been renamed and re-organized. The new chapter structure is as given below:
Organizing Information Security
Human Resources Security
Physical and Environmental Security
Communications and Operations Management
Information Systems Acquisition, Development and Maintenance
Information Security Incident Management
Business Continuity Management
The new version of the standard also introduces a range of new controls (seventeen in total) to address a number of emerging issues not previously covered. These include topics such as provision of outsourcing, external service delivery, and patch management. Equally, other areas have been substantially extended or re-shaped, such as employment termination, and mobile/distributed communication. Several old controls have been retired, or merged into others.
In addition to the content itself, steps have also been taken to enhance the "user friendliness" of the standard. The standard has also been normalized so that it sits more comfortably alongside related security standards in the future.
SOURCES OF THE NEW STANDARD
The official online shop (via BSI) has been updated to provide copies of this new standard, rather than the old one, as has SNV's download portal:
Standards Direct (BSI)
Standards Online Shop (SNV)
Also, the ISO 17799 Toolkit, the support kit for the standard, has been updated to include the new version:
ISO 17799 Toolkit