Welcome to the fourth edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to ISO 17799 and information security.
The information contained in this newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Guidance and information included in this issue:
ISO17799 FAQ - MORE FREQUENTLY ASKED QUESTIONS
1) How many controls are there in the standard?
Part 1 is organized into 10 sections. There are 127 main controls and over 500 detailed controls in total.
2) How old is it?
The standard stems from a code of practice published in 1993 by the DTI in the UK. It became BS 7799 in 1995 and ISO 17799 in 2000.
3) Is certification for life?
No. A certificate is normally valid for a three-year period, subject to periodic surveillance audits, after which the organization must be re-assessed.
4) What is accreditation?
An accreditation body authorizes certification bodies to certify organizations against Part 2 of the standard. A number of accreditation bodies exist in different countries.
5) ISO17799 is used throughout the world, but was it internationally created?
Yes indeed. The latest versions included input from representatives from many nations, including Australia, Brazil, Germany, Norway, UK and USA, amongst others.
6) What is part 2?
Part 2 specifies how to apply the standard in practice: how to establish, operate and maintain an information security management system (ISMS). It is the part against which organizations are actually certified; Part 1 is the code of practice that describes the controls.
7) Is it linked to a specific national legal system?
No. It is generic in terms of legislation and does not presuppose any particular national law; instead it requires each organization to identify the legal and regulatory requirements that apply to it and to select controls accordingly.