ISO 27000/BS 7799 Solutions

The International Standards Organization (ISO) 27000 and British Standard (BS) 7799 are detailed security standards. BS 7799 and ISO 27000 are very similar; the main difference is that the ISO 27000 standard includes two non-action sections at the start of the document. Both standards are organized into ten major sections, each covering a different topic or control area. The ten areas are:

  1. Security Policy
  2. Security Organization
  3. Asset Classification and Control
  4. Personnel Security
  5. Physical and Environmental Security
  6. Computer & Network Management
  7. System Access Control
  8. System Development and Maintenance
  9. Business Continuity Planning
  10. Compliance

Legislation such as HIPAA, GLBA and Sarbanes-Oxley identifies security requirements that are consistent with the ISO 27000 standard in many areas. The ISO 27000 standard therefore provides a common framework for implementing IT security controls that map to the requirements of several regulations at once. Further, the U.S. National Institute of Standards and Technology (NIST) publication “Recommended Security Controls for Federal Information Systems,” SP 800-53, includes an appendix that maps the sections of SP 800-53 to ISO 27000. ISO 27000 is an important standard that provides an excellent framework for securing the enterprise information infrastructure.

ecfirst.com can help you with your ISO 27000/BS 7799 challenges and priorities. Call Lorna Waggoner and ask her for our white paper on ISO 27000. She can be reached at 1.877.899.9974 x17. Talk to us to learn more about our ISO 27000 solutions.