Welcome to this, the sixth edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to the ISO 17799 information security standard.
The information contained is free to our subscribers and provides guidance on a range of practical issues, plus commentary on recent Information Security incidents.
ISO17799 - MORE FREQUENTLY ASKED QUESTIONS
1) Where can I find back issues of The ISO27000 Newsletter?
All back issues are posted to: http://www.iso17799-web.com
2) What are the 10 sections of ISO17799?
- Security Policy
- Security Organization
- Systems Development and Maintenance
- Business Continuity Management
- Asset Classification and Control
- Personnel Security
- Physical and Environmental Security
- Communications and Operations Management
- Access Control
3) Who published ISO 17799? BSI or ISO?
Both... sort of. ISO 17799 is an ISO standard, of course. However, there is a Part 2 to cover security management systems. This is published by BSI as BS7799 Part 2.
4) Can I re-publish parts or all of ISO17799 News on our company intranet or via internal communication?
Subject to a reference to the source web site, permission is almost always granted.
5) Can I discuss ISO17799 with people online?
A new forum has recently been created at: http://groups.yahoo.com/group/iso17799security/.
6) What is the difference between accreditation and certification?
Essentially, an accreditation body is an organization (usually national) that grants third parties the authority to issue certificates (to certify). It is the latter, therefore, that issues certificates (certifies) against standards, etc. The former confers the right to do this on the certification company.