ISO 17799 is now established as the de facto standard for information security. Over the years, as its influence has increased, it has also matured in terms of scope and supporting infrastructure. A second part has been established (BS7799) to cover management systems, and compliance and certification schemes are now well trodden paths.
The ISO 17799 Implementation and Resource Portal is intended to assist both newcomers and experienced security practitioners in terms of aggregating the key information and resources to move forward with the standard. It is intended to serve as a genuine launch pad for all needs with respect to both ISO 17799 and BS7799.
The portal offers a whole range of information, resources, templates, tools and news. It is also developing fast, and as a 'living site' contributions are always welcome.
WHAT IS ISO 17799?
ISO 17799 itself is actually a code of practice. It details over 130 specific controls, categorized into around 36 control objectives, listed in 11 distinct chapters. More details on these are provided HERE.
Confusion occasionally arises because of the existence of a 'second part', which is known as BS7799. This, however, is NOT a code of practice, but is a specification for an Information Security Management System (ISMS).
WHERE CAN I FIND THE STANDARD?
The standard is a copyrighted publication, and is available through official and authorized sources. The most well known is probably BSI's electronic shop, Standards Direct, which provides the standard as a download in PDF format: ISO 17799 Download
The standard is also available as part of the ISO 17799 Toolkit, which is a specifically designed starter kit for the standard: ISO 17799 Toolkit
INFORMATION SECURITY POLICIES
The need for a comprehensive and detailed set of information security policies is a basic requirement of the standard. This is not only emphasized by the fact that policy, and policy management, is afforded a complete section within the standard, but by the status of policies within BS7799.
An aligned set of policies is, of course, included within the above toolkit. To help demonstrate the depth of content required, we are pleased to be able to provide an insight into these via the ISO 17799 Policy Content List
SUPPORT RESOURCES
Since initial publication of the standard, a number of resources have emerged to assist ISO 17799 implementation. We will shortly be providing a directory of some of the major players.
ISO17799 NEWSLETTER
The ISO17799 Newsletter is a long established quarterly (approx) email publication dedicated specifically to the standard. Its subscription base is 12,000 strong, and it provides all the latest news, along with tips and general security advice.
To subscribe to it, simply send an email to us with a title of 'ISO17799 Newsletter Subscription'. This will automatically forward to the publishers.
GENERAL INFORMATION & PAPERS
How has the standard evolved? What is its history? How have other organizations implemented it? What is on the horizon for the future?
These are all common questions and issues. Hopefully, this section will answer some or all of them.
We are also expanding our sections on risk analysis, and our library of security books.
Hopefully you will have found this portal to be of value. However, if you need further information, or perhaps wish to contribute some information, please do not hesitate to contact us directly.
