Welcome to the third edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to 17799 and information security.
The information contained in this newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Guidance and information included in this month's issue:
ISO 17799 FAQ.

ISO17799 FREQUENTLY ASKED QUESTIONS - PART 1
1) When was it published?
2) Who wrote it?
Originally a BSI/DISC committee including representatives from a cross section of trade and industry. It was subsequently reviewed by an ISO committee and emerged through the ISO publication process.
3) What is BS 7799?
BS7799 was the forerunner of ISO17799. It was superseded in Dec 2000.
4) How can I measure and manage compliance?
The most well known tool is COBRA, which is also an established risk analysis product. A newly published tool is also described above (The ISO17799 Toolkit).
5) Tools to help me comply?
See the list of resources above.
6) Who is accredited to certify (certification bodies)?
BSI, DNV, LRQA, National Quality Assurance, and others.
7) What is ISO17799?
ISO17799 Part 1 is "intended to serve as a single reference point for identifying the range of controls needed for most situations where information systems are used in industry and commerce, and to be used by large, medium and small organizations". It is essentially a 'code of practice'.
8) What is Part 2?
ISO17799 Part 2 is a "specification for information security management systems". This is not an optional extra, but is critical to the process.