Welcome to the first edition of the ISO17799 newsletter, designed to keep you abreast of news and developments with respect to 17799 and information security. The newsletter will comprise a combination of inclusive articles and the identification of useful and topical sources on the web.
This initial edition covers:
THE ISO 17799 SECURITY POLICY TEMPLATE
Section 3.1 of ISO17799 states that "Management should set a clear policy direction and demonstrate support for, and commitment to, information security through the issue and maintenance of an information security policy across the organization".
Having a security policy document (or dusting down an old one) may well not be enough. To match the requirements of 17799, the policies must meet very clear demands.
Common routes forward to achieve this include:
a) A full review of existing policies, matching them line by line with ISO17799 and its expectations.
b) The purchase of a set of pre-written policies which have been designed in full cognizance of the requirements of the standard.
With respect to the latter, the security policies available with the RUsecure Security Policy are perhaps the most directly applicable offering. They have been designed to meet the needs of 17799 specifically. Each policy (and there are hundreds) also contains a direct cross-reference to the applicable ISO17799 section.
Another neat feature is that the policies can also be delivered interactively to the desktop, as an alternative to a traditional static document.
UPDATE: The RUsecure policies are now included in the ISO 17799 Toolkit