The ISO 17799 Directory






Welcome to the ISO 17799 Directory. Here you will find background information covering the international ISO 17799 standard, its contents, guidance on how to comply with it, and details of commercial resources intended to assist in this process.

But What Is ISO 17799?
ISO 17799 is "a comprehensive set of controls comprising best practices in information security". It is essentially, in part (extended), an internationally recognized generic information security standard.

Its predecessor, titled BS7799-1, has existed in various forms for a number of years, although the standard only really gained widespread recognition following publication by ISO (the International Standards Organization) in December of 2000. Formal certification and accreditation were also introduced around the same time.    

The Contents of the Standard?
The ISO 17799 standard comprises ten prime sections:
Security Policy 
System Access Control
Computer & Operations Management
System Development and Maintenance
Physical and Environmental Security
Personnel Security
Security Organization
Asset Classification and Control
Business Continuity Management (BCM)

Within these sections are the detailed statements and clauses that comprise the standard itself. In addition, the standard includes a Foreword (setting the scene), a Scope, and a section defining various terms.

Certification and Compliance
The first step towards ISO 17799 certification is of course to comply with the standard itself. This is good security practice in its own right, but it is also the longer-term status adopted by a number of organizations that require the assurance of an external measure, yet do not wish to proceed with an external or formal process immediately.

In either case, the method and rigor enforced by the standard can be put to good use in terms of better management of risk. It is also being used in some sectors as a market differentiator, as organizations begin to quote their ISO 17799 status within their individual markets and to potential customers... which is another factor to ensure much wider uptake of the standard.

What Next?
There is no doubt that ISO 17799 is not going to disappear - far from it. Whatever your intention, however, it is hoped that this Directory will assist. You can directly acquire not only the standard itself or the accompanying introductory toolkit, but also software to help with compliance, ISO 17799 aligned security policies, a risk analysis product (risk assessment is actually a basic requirement of the standard) and a number of other essential resources.


Further Information
A number of other, external sites offer additional and different insights into the ISO 17799 security standard:

The ISO17799 Newsletter
Introduction of Security Risk Analysis
A Presentation on  ISO17799
ISO17799 Security World


If, however, you need any further assistance or guidance, or simply wish to comment on this directory or on the standard itself, please do feel free to contact us via email.



Useful Portals
Computer World  Computer News Google Securiteam

ISO 17799 at The Search Directory  


Note that this directory is currently relocating

