
ISO 17799

 

Sound information security is the cornerstone of sensible corporate governance. The emergence of an international standard to support this was, perhaps, inevitable.

•  WHAT IS ISO 17799 
 
•  ADVANTAGES - ISO 17799 
 
•  WHY SAG Management Services Pvt. Ltd.
 
•  Cost 

WHAT IS ISO 17799
ISO/IEC 17799 is an information security standard published in December 2000 by the International Organization for Standardization and the International Electrotechnical Commission, entitled Information technology

The standard effectively comprises two parts: 

a) Part 1: ISO/IEC 17799:2000 
This is essentially the set of security controls: the measures and safeguards for potential implementation. In volume it is the main body of the overall 'standard set' itself. 

The contents of this part are as follows: 
1. Scope 
2. Terms and definitions 
3. Security Policy 
3.1 Information Security Policy 
4. Security Organization 
4.1 Information Security Infrastructure 
4.2 Security and Third Party Access 
4.3 Outsourcing 
5. Asset Classification and Control 
5.1 Accountability for assets 
5.2 Information Classification 
6. Personnel Security 
6.1 Security in Job Definition and Resourcing 
6.2 User Training 
6.3 Responding to Security Incidents and Malfunctions 
7. Physical and Environmental Security 
7.1 Secure Areas 
7.2 Equipment Security 
7.3 General Controls 
8. Communications and Operations Management 
8.1 Operational Procedures and Responsibility 
8.2 System Planning and Acceptance 
8.3 Protection Against Malicious Software 
8.4 Housekeeping 
8.5 Network Management 
8.6 Media Handling and Security 
8.7 Exchanges of Information and Software 
9. Access Control 
9.1 Business Requirement for Access Control 
9.2 User Access Management 
9.3 User Responsibilities 
9.4 Network Access Control 
9.5 Operating System Access Control 
9.6 Application Access Management 
9.7 Monitoring System Access and Use 
9.8 Mobile Computing and Telenetworking 
10. System Development and Maintenance 
10.1 Security Requirements of Systems 
10.2 Security in Application Systems 
10.3 Cryptographic Controls 
10.4 Security of System Files 
10.5 Security in Development and Support Processes 
11. Business Continuity Management 
11.1 Aspects of Business Continuity Management 
12. Compliance 
12.1 Compliance with Legal Requirements 
12.2 Reviews of Security Policy and Technical Compliance 
12.3 System Audit Considerations 

b) Part 2: BS7799-2:1999 
This is the 'specification' for an Information Security Management System (ISMS). It is the means to measure, monitor and control security management from a top-down perspective. It essentially explains how to apply ISO 17799, and it is this part that can currently be certified against. 

Part 2 defines a six-part 'process', roughly as follows: 
- Define a security policy 
- Define the scope of the ISMS 
- Undertake a risk assessment 
- Manage the risk 
- Select control objectives and controls to be implemented 
- Prepare a statement of applicability. 

This possibly illustrates why risk analysis and security policies are so fundamental to progress with this standard.

ADVANTAGES - ISO 17799

  • A rise in the number of customers through keeping customer information confidential. 

  • Committed Top Management. 

  • Lets the organization focus more seriously on the little scraps of information. 

  • Volume of data maintenance can be reduced: when data is classified, redundant data can be eliminated. 

  • Availability of a security policy and regulations makes it easier to resolve security incidents. 

  • Availability of a business continuity process. 

WHY SAG Management Services Pvt. Ltd.
SAG Management Services Pvt. Ltd. has an enviable record for customer satisfaction for its certification services. A friendly approach and a dislike of bureaucracy have led to unprecedented growth through referrals from contented clients. 

COST
Please fill in a simple questionnaire and we will get in touch with you and tell you about our most competitive rates.

  

 


Copyright © 2007 SAG Management Services Pvt. Ltd. ® All rights reserved
