Welcome to the ninth issue of ISO 17799 News, designed to keep you abreast of developments and news with respect to ISO17799 and information security.

The newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.

Included in this edition are the following topics:

• Creating Information Classification Criteria
• What is Information Security?
• Standard Certifications
• It Couldn't Happen Here.... Could It?
• Disposal of Old and Obsolete Equipment
• Section 11 - Getting Ready for Business Continuity Planning
• ISO17799 Section 12: The Sarbanes-Oxley Act 2002
• BCP Top Down
• FAQ: Frequently Asked ISO17799 & ISO27001 Questions
• Controlling Changes to the Service Level AgreemenT
• More ISO 17799 and Security Related Terms and Definitions

WHAT IS INFORMATION SECURITY?
We are sometimes asked the most basic of information security question of all: "What is information security?". This can actually be surprisingly difficult to define. However, the introduction to the standard itself characterizes information security as the preservation of what is often known as CIA:

Confidentiality
Ensuring that information is accessible only to those authorized to have access

Integrity
Safeguarding the accuracy and completeness of information and processing methods

Availability
Ensuring that authorized users have access to information and associated assets when required.

It further explains that "information security is achieved by implementing a suitable set of controls", and that these need to be "established to ensure that the specific security objectives of the organization are met".