Welcome to the ninth issue of ISO 17799 News, designed to keep you abreast of developments and news with respect to ISO17799, ISO27001 and information security.
The newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Included in this edition are the following topics:
ISO17799 FAQ: MORE FREQUENTLY ASKED QUESTIONS
1) What controls are considered by the standard to be essential to an organization from a legal viewpoint?
Many sections embrace and cover legislative issues, but the following 3 areas are specifically highlighted: data protection and privacy of personal information; intellectual property rights; safeguarding of organizational records.
2) Who actually wrote the security standard?
Originally a BSI/DISC committee, which included representatives from a wide section of commerce and industry. It was subsequently reviewed by an International Standards Organization committee and emerged through the ISO publication process.
3) Can I republish articles from the ISO17799 / ISO27001 Newsletter internally, or even on our external internet site?
Yes, subject to a link to this website.
4) And which controls does the standard consider essential from a common best practice viewpoint?
The following areas are highlighted: security policy document; assignment of security responsibilities; business continuity management; security education and training; reporting of security incidents.
5) Where can I discuss ISO 17799 with other people online (e.g., a message board)?
ISO17799 forums exist at: ISO 17799 User Group and ISO 17799 at Yahoo.
6) What is ISO27001?
ISO27001 is the proposed name for the ISO version of BS7799.