ISO/IEC 17799:2005 is the international best-practice standard for information security management; it defines and guides the development of an Information Security Management System (ISMS).
ISO/IEC 17799 provides best-practice recommendations on information security management for those who are responsible for initiating, implementing or maintaining information security management systems. Information security is defined within the standard as the preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required).
The 2005 version of the standard contains the following eleven main sections:
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development and maintenance
- Information security incident management
- Business continuity management
- Compliance
Within each section, information security control objectives are specified and a range of controls is outlined that are generally regarded as best-practice means of achieving those objectives. For each of the controls, implementation guidance is provided. Specific controls are not mandated, since each organization is expected to undertake a structured information security risk assessment process to determine its requirements before selecting the controls that are appropriate to its particular circumstances.