Tuesday, June 19, 2007

BS7799 And ISO/IEC17799

BS7799 is a standard based on years of practical security experience in real businesses. The standard covers all the main security issues from a manager's viewpoint and goes into significant depth in explaining good practice. The standard is divided into ten main sections, each of which is key to maintaining security. These are:

  1. Security Policy - explains what an information security policy is, what it should cover and why your business should have one.
  2. Organisational Security - explains how information security should be managed in a business.
  3. Asset Classification and Control - assets include the information itself, computers, software and even services. These could all be valuable and need to be managed and accounted for.
  4. Personnel Security - personnel issues such as training, responsibilities, vetting procedures, and how staff respond to security incidents.
  5. Physical and Environmental Security - physical aspects of security including protection of equipment and information from physical harm, keeping key locations secure as well as physical control of access to information and equipment.
  6. Communications and Operations Management - appropriate management and secure operation of information processing facilities during day-to-day activities. This specifically includes computer networks.
  7. Access Control - control of access to information and systems on the basis of business and security needs. Access control is concerned with controlling who can do what with your information resources.
  8. System Development and Maintenance - some businesses develop their own software. This part of the standard deals with the issues that are associated with the design and maintenance of systems so that they are secure and maintain information integrity.
  9. Business Continuity Management - addresses the maintenance of essential business activities during adverse conditions, from coping with major disasters to minor local issues.
  10. Compliance - concerns business compliance with relevant national and international laws.