Network Security and ISO 27001 / 17799 News
BS7799 and ISO 17799
The following resources should prove to be good starting points for the standards:

Theory & information:
BS7799 & ISO 27001
Official downloads:
BS7799, ISO 17799, ISO 27001
User group for both:
ISO 17799, ISO 27001

 
Survey
Have security issues stalled VoIP deployments within your company?

Yes
No



Results
Polls

Votes 140
 
Network Security and ISO 27001 / 17799 News FAQ (Frequently Asked Questions)
Category: Main -> ISO 17799 AND BS7799

Question
·  What is ISO 17799?
·  What is BS7799-2?
·  Who wrote the ISO 17799 standard?
·  How many controls are included?
·  When was it created?
·  Is certification for ever?
·  Was it internationally authored?
·  Is it linked to a particular legal system?
·  What is risk assessment?
·  How is risk assessment related to the standard?
·  What is an 'accreditation body'?
·  Does ISO 9000 fit into this?
·  What are the 10 sections of ISO 17799?
·  Is it truly a global standard?
·  Which controls are most important?
·  What is ISO/IEC Guide 62?
·  Who were the first certification bodies?
·  And the first firm to obtain a certificate?
·  What is PDCA?
·  Is there an online user group for the standard?

Answer
·  What is ISO 17799?

ISO 17799 is "intended to serve as a single reference point for identifying the range of controls needed for most situations where information systems are used in industry and commerce, and to be used by large, medium and small organizations". It is basically a security 'code of practice'.

[ Back to Top ]

·  What is BS7799-2?

BS7799-2 is a standard 'specification' for an Information Security Management System (an ISMS). It is the means an organization uses to measure, monitor and control its security from a 'top down' perspective. Fundamentally, it explains how to apply ISO 17799, and it is this part that can currently be certified against.

It defines a six part process, broadly as follows:
1. Define a security policy
2. Define the scope of the ISMS
3. Undertake a risk assessment
4. Manage the risk
5. Select control objectives and controls to be implemented
6. Prepare a statement of applicability.

[ Back to Top ]

·  Who wrote the ISO 17799 standard?

Originally a BSI/DISC committee, which included representatives from a wide cross section of trade and industry.

It was subsequently reviewed by an ISO sub-committee and eventually emerged through the ISO publication process.

[ Back to Top ]

·  How many controls are included?

ISO 17799 is organized into 10 sections.

These comprise 127 main controls and over 500 detailed controls.

[ Back to Top ]

·  When was it created?

The standard evolved from an original publication of 1993, published by the DTI (Department of Trade and Industry) in the UK. It became BS7799-1 in 1995 and ISO 17799 in December 2000. BS7799-2 was published in 2002.

[ Back to Top ]

·  Is certification for ever?

Official certification is normally for a finite period, typically three years.

[ Back to Top ]

·  Was it internationally authored?

The latest versions included input from representatives from many nations, including Australia, Brazil, Germany, Norway, UK and USA, amongst others.

[ Back to Top ]

·  Is it linked to a particular legal system?

No. The standard is generic and international in terms of legislative content.

[ Back to Top ]

·  What is risk assessment?

This is often defined as: a process to ensure that the security controls for a system are fully commensurate with its risks. This includes the study of relevant threats, vulnerabilities, controls in place, and importantly, potential impacts.

[ Back to Top ]

·  How is risk assessment related to the standard?

It is an integral part. It should be used for the selection of controls from ISO 17799, and is a mandatory element of BS7799-2 (which covers process and information management systems).

[ Back to Top ]

·  What is an 'accreditation body'?

An accreditation body is an organization (usually a national one) that grants third parties the authority to issue 'certificates'.

It is the latter, 'certification bodies', that certify against standards. The accreditation body basically confers the right to do this to the certification company.

[ Back to Top ]

·  Does ISO 9000 fit into this?

BS7799-2 is 'harmonized' with other management system standards (such as ISO 9001 and ISO 14001).

[ Back to Top ]

·  What are the 10 sections of ISO 17799?

These are:
1. Security Policy
2. Security Organization
3. Asset Classification and Control
4. Physical and Environmental Security
5. Communications and Operations Management
6. Personnel Security
7. Systems Development and Maintenance
8. Business Continuity Management
9. Access Control
10. Compliance

[ Back to Top ]

·  Is it truly a global standard?

Yes.

It is sold in virtually every country in the world, in significant numbers. Certification is also widespread, with certificates in place in nations as diverse as India, Australia, USA, China, Japan, UK, Italy, UAE, Egypt, Netherlands, Norway, Korea, Germany, Hong Kong, Sweden, and more.

[ Back to Top ]

·  Which controls are most important?

This is dependent upon the individual organization. However, ISO 17799 gives some guidance, in the form of so-called 'legislative essentials' and 'common best practice'. These are:
· information security policy document (section 3.1.1)
· allocation of information security responsibilities (section 4.1.3)
· information security education and training (section 6.2.1)
· reporting security incidents (section 6.3.1)
· business continuity management (section 11.1)
· intellectual property rights (section 12.1.2)
· safeguarding of organizational records (section 12.1.3)
· data protection and privacy of personal information (section 12.1.4)

[ Back to Top ]

·  What is ISO/IEC Guide 62?

ISO/IEC Guide 62 is intended for those organizations operating certification schemes. It details the general requirements applicable to them.

[ Back to Top ]

·  Who were the first certification bodies?

LRQA and BSI.

[ Back to Top ]

·  And the first firm to obtain a certificate?

Business Link City Partners.

[ Back to Top ]

·  What is PDCA?

This is the "Plan-Do-Check-Act" model.

It is used in BS7799-2 and is intended to serve as the basis for creating, implementing, monitoring and maintaining an information security management system.

[ Back to Top ]

·  Is there an online user group for the standard?

Yes. See the "BS7799 and ISO 17799" resources block at the top of this page.

[ Back to Top ]



http://www.packetdefense.com. Network security and BS7799 / ISO 17799 / ISO 27001 News
2003 PacketDefense. Network Defense in Depth using ISO 27000