The ISO27000 Newsletter - News & Views on the ISO/IEC Security Standard

ISO17799 News - Issue 3

Welcome to the third edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to 17799 and information security.

The information contained in this newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.

Guidance and information included in this month's issue:


1) When was it published?
December 2000

2) Who wrote it?
Originally a BSI/DISC committee including representatives from a cross section of trade and industry. It was subsequently reviewed by an ISO committee and emerged through the ISO publication process.

3) What is BS 7799?
BS7799 was the forerunner of ISO17799. It was superseded in Dec 2000.

4) How can I measure and manage compliance?
The best-known tool is COBRA, which is also an established risk analysis product. A newly published tool is also described above (The ISO17799 Toolkit).

5) Tools to help me comply?
See the list of resources above.

6) Who is accredited to certify (certification bodies)?
BSI, DNV, LRQA, National Quality Assurance, and others.

7) What is ISO17799?
ISO17799 Part 1 is "intended to serve as a single reference point for identifying the range of controls needed for most situations where information systems are used in industry and commerce, and to be used by large, medium and small organizations". It is essentially a 'code of practice'.

8) What is Part 2?
ISO17799 Part 2 is a "specification for information security management systems". This is not an optional extra, but is critical to the process.




Free subscription is via our online form



© Copyright 2005/2006. RS