Information Security Program Development
ISO/IEC 17799:2005, also referred to simply as "ISO 17799", is an international standard titled "Information technology -- Security techniques -- Code of practice for information security management". (In 2007 the same text was renumbered ISO/IEC 27002 to bring it into the 27000 series; the content of the 2005 edition is unchanged.)
ISO 17799 is an all-encompassing standard that takes a very broad approach to information security. It addresses information in every form it can take, from digital data to paper records, faxes, and telephone conversations, not just data held on computer systems.
"ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization." - International Organization for Standardization (ISO)
ISO 17799 consists of recommended information security practices, some of which may not apply to a given organization; it is a code of practice, not a set of mandatory controls, so each organization is expected to select the practices that fit its risks.
In our opinion, ISO 17799 provides an excellent framework and reference against which to measure an information security program.
ISO 17799 contains best practices in the following eleven areas (the standard's own clause titles are given in parentheses where they differ):
Security Policy Management (Security policy)
Corporate Security Management (Organization of information security)
Organizational Asset Management (Asset management)
Human Resource Security Management (Human resources security)
Physical and Environmental Security Management (Physical and environmental security)
Communications and Operations Management
Information Access Control Management (Access control)
Information Systems Security Management (Information systems acquisition, development and maintenance)
Information Security Incident Management
Business Continuity Management
Compliance Management (Compliance)
Reference: ISO/IEC 17799:2005 FAQs
There are numerous information security standards in the industry, and it can seem as though every vendor and body believes it has a better way of doing things. In the end, we always find ourselves coming back to ISO 17799: in our experience it is the most widely accepted and most comprehensive general-purpose standard available.
ISO 17799's controls also map onto many of the requirements of SOX, the FFIEC guidance, GLBA, and HIPAA. Note that it is a code of practice rather than a certification or compliance standard: organizations certify against ISO/IEC 27001, and using ISO 17799 as a control reference does not by itself demonstrate compliance with any of these regulations.
Copyright © 2009 FRSecure LLC All Rights Reserved.