The International Standards Organization (ISO) 17799 and British Standard (BS) 7799 are detailed security standards. The BS 7799 and the ISO 17799 are very similar standards – the ISO 17799 standard includes two non-action sections at the start of the document. The standards are organized into ten major sections, each covering a different topic or area. The ten areas are:
Security Policy
Security Organization
Asset Classification and Control
Personnel Security
Physical and Environmental Security
Computer & Network Management
System Access Control
System Development and Maintenance
Business Continuity Planning
Compliance
Legislation such as HIPAA, GLBA and Sarbanes-Oxley identifies security requirements that are consistent with the ISO 17799 standard in many areas. The ISO 17799 standard provides a common framework for implementing IT security controls that map to the requirements of several regulations. Further, the U.S. National Institute of Standards and Technology (NIST) publication "Recommended Security Controls for Federal Information Systems," SP 800-53, includes an appendix that maps the sections of SP 800-53 to ISO 17799. ISO 17799 is an important standard that provides an excellent framework for securing the enterprise information infrastructure.
ecfirst.com can help you with your ISO 17799/BS 7799 challenges and priorities. Call Lorna Waggoner and ask her for our white paper on ISO 17799. She can be reached at 1.877.899.9974 x17. Talk to us to learn more about our ISO 17799 solutions.