The following questions were presented:
There have been suggestions part 3 of the series is in development, to be called BS7799-3. What is that all about and what will it cover?
BS 7799-3, Information security management systems (ISMS) — Part 3: Guidelines for information security risk management, is under development and was issued for public comment in July 2005.
The Standard provides guidance to support the requirements specified in ISO/IEC 27001 regarding all aspects of an ISMS risk management cycle. This includes assessing and evaluating risks, implementing controls to treat the risks, monitoring and reviewing the risks, and maintaining and improving the system of risk controls.
The focus of the Standard is effective information security through an ongoing programme of risk management activities. The Standard is intended to be applicable to all organisations, regardless of their type, size and nature of business.