What is BS7799?

July 3, 2008 – 3:02 pm


ISO17799 and BS7799 are standards for security policies and procedures. The standard was initially known as a British standard called BS 7799, developed by the British Standards Institution. Later, it became the ISO IEC 17799 standard when it was adopted by the ISO IEC technical committee for international use.

This committee is called ISO IEC JTC 1 and is currently responsible for all information technology standards. BS7799 refers specifically to the Information Security Management Standard formally approved during the year 2000. This standard defines a set of recommended information security management practices, although it is probably better to say that the standard is a set of recommendations: the ISO IEC recommends that you consider each suggestion as you try to improve your information security program, and not view each suggestion as an inflexible obligation to follow.

IT Governance: Data Security and BS 7799/ ISO 1779
Information (data) security is of ever increasing importance to both businesses and individuals and the extent and value of electronic data is growing exponentially. The commercial viability and profitability of enterprises of all sizes increasingly depends
IT Governance: A Manager’s Guide to Data Security and BS 7799/ISO 17799
“Companies across the USA, worried that cyberspace will be terrorism’s next battleground have shored up security since September 11. About 77% of businesses improved defenses against hackers, viruses and other attacks. Such threats are real. Cyberspace attacks jumped 64% from a year ago.” — USA Today 8/19/02

  • 60% of organizations have suffered a data security breach in the last 2 years. 43% of those with sensitive or critical information have suffered an extremely serious one.
  • IT security is now the key boardroom issue of the e-commerce age.
  • Aimed at CEOs, FOs, and senior managers in the private and public sectors.
  • Explains current “best practice” in managing data and information security
  • Encourages companies to ensure effective management control and legal compliance through attaining BS 7799 / ISO 17799.

IT governance is a critical aspect of corporate governance, and recent reports have focused boardroom attention on the need to ensure “best practice” in IT management.

This important guide, now updated to contain the final BS7799 / ISO17799 nomenclature, explains current best practice in managing data and information security and gives a clear action plan for attaining certification. It is an essential resource for directors and senior managers in organizations of all sorts and sizes but particularly those with well-developed IT systems and those focused on e-commerce.

Topics covered include: The need for information security and the benefits of certification; Information security management, policy and scope; Risk assessment; Personnel security; Physical and environmental security, Equipment security; Security controls; Controls against malicious ; Exchanges of , the Internet and e-mail; Access control; Housekeeping, network management and media handling; Mobile computing and teleworking; Systems development and maintenance; Cryptographic controls; Compliance
