Welcome to the ISO 17799 Directory. Here you will find background information
covering the international ISO 17799 standard, its contents, guidance on how to
comply with it, and details of commercial resources intended to assist in this process.
What Is ISO 17799?
ISO 17799 is "a comprehensive set of controls comprising best practices in
information security". It is, in essence, an internationally recognized
generic information security standard.
Its predecessor, titled BS7799-1, has existed in
various forms for a number of years, although the standard only really gained
widespread recognition following publication by ISO (the International Standards
Organization) in December of 2000. Formal certification and accreditation were
also introduced around the same time.
What Are the Contents of the Standard?
The ISO 17799 standard comprises ten prime sections, including:
- System Access Control
- Computer & Operations Management
- System Development and Maintenance
- Physical and Environmental Security
- Asset Classification and Control
- Business Continuity Management (BCM)
Within these sections are the detailed statements and clauses that comprise the
standard itself. In addition, the standard includes a Foreword (setting the
scene), a Scope, and a section defining various terms.
Certification and Compliance
The first step towards ISO 17799 certification is of course to comply with the
standard itself. This is good security practice in its own right, but it
is also the longer-term status adopted by a number of organizations who require
the assurance of an external measure, yet do not wish to proceed with an
external or formal process immediately.
In either case, the method and rigor enforced by the standard can be put to good use in
terms of better management of risk. It is also being used in
some sectors as a market differentiator, as organizations begin to quote their
ISO 17799 status within their individual markets and to potential customers,
which is another factor ensuring much wider uptake of the standard.
There is no doubt that ISO 17799 is not going to disappear - far from it. Whatever
your intention, however, it is hoped that this Directory will assist. You can
directly acquire not only the standard itself
or the accompanying introductory toolkit, but
software to help with compliance, ISO 17799 aligned security policies, a risk analysis product (risk
assessment is actually a basic requirement of the standard) and a number of other essential
A number of other, external sites offer additional and different insights into the ISO 17799 security standard:
If, however, you need any further assistance or guidance, or simply wish to
comment on this directory or on the standard itself, please do feel free
to contact us via email.
- Computer World
- Computer News
- Google
- Securiteam
- 17799 at The Search Directory