What is BS7799?
ISO17799 and BS7799 are security policies and standards procedures. The standard was initially known as a British standard called BS 7799, developed by the British Standards Institution. Later, it became the ISO IEC 17799 standard when it was adopted by the ISO IEC technical committee for international use.
Such a committee is called ISO IEC JTC 1 and is currently responsible for all information regarding technology standards, and the BS7799 refers specifically to Information Security Management Standard formally approved during the year 2000. This standard defines a set of recommended information security management practices, although it is probably better to say the standard is a set of recommendations, as the ISO IEC recommends that you consider each suggestion as you try to improve your information security program, and not view each suggestion as an inflexible obligation to follow.
Depending on your information security needs you may accept or not accept the BS7799 standards. If a particular recommendation helps you to address any important security matter then accept it, otherwise, ignore it. ISO17799 and BS7799 include an open approach to most of the common information issues related to electronic files, data files and software files, and paper documents. Information related to hand written notes, printed materials and photographs, recordings, video recordings and audio recordings, general communications including conversations, telephone conversations, cell phone conversations and face to face conversations, as well as messages such as email messages, fax messages, instant messages, video messages, physical messages, among many other items are considered as definition of the term "information".
Since the information has value and is therefore an asset, it needs to be protected just like any other corporate asset. Information should be protected just as the infrastructure that supports this information, including all the networks, systems, and functions that allow an organization to manage and control its information assets. BS7799 explains what you can do to protect your organization's information assets.
Today, organizations are faced with a wide range of security threats, from equipment failure to human errors, fraud, vandalism, theft, sabotage, flood, fire, and even terrorism in many countries, that is way the information needs to be protected. BS7799 suggests focusing your attention on three main points to guarantee your information security, which are integrity, confidentiality and availability. Integrity refers to the need to protect the completeness and accuracy of the information as well as the methods used to process it. Confidentially refers to the assurance that the information can only be accessed by the people who have the authorization to do so. And availability refers to the guarantee that those who have been authorized to use the information have access to it and all associated assets when needed.
To identify your information security risks and needs, you may need to perform a risk assessment. The best way to truly assess this information is to study any legal requirements as well as determining what your own requirements are to develop or improve your own information security program. B17799 simply tries to help those who inquire improve their information security requirements for overall safety.
Books on BS7799
 IT Governance: Data Security and BS 7799/ ISO 1779 |
Information (data) security is of ever increasing importance to both businesses and individuals and the extent and value of electronic data is growing exponentially. The commercial viability and profitability of enterprises of all sizes increasingly depends on the security, confidentiality and integrity of their data.
In particular, the future of e-commerce depends on data being secure, accessible and complete across the Web. Ultimately, consumer confidence will depend on how secure they feel their personal data is. Data security is now a critical consideration in all aspects of business - affecting decisions on contracting staff and ensuring customer loyalty, as well as pure IT issues. In addition, new laws and regulations give directors of public companies a legal responsibility to act on computer security. No handbooks currently available guide the businessperson through the maze of issues or through the process of achieving international standard (ISO) certification in Information Security Management. This book fills this gap and covers all aspects of data security, providing the reader with sufficient information to understand the major issues and how to minimize risk. |
 IT Governance: A Manager's Guide to Data Security and BS 7799/ISO 17799 |
"Companies across the USA, worried that cyberspace will be terrorism's next battleground have shored up security since September 11. About 77% of businesses improved defenses against hackers, viruses and other attacks. Such threats are real. Cyberspace attacks jumped 64% from a year ago." -- USA Today 8/19/02
IT governance is a critical aspect of corporate governance, and recent reports have focused boardroom attention on the need to ensure "best practice" in IT management. This important guide, now up-dated to contain the final BS7799 / ISO17799 nomenclature, explains current best practice in managing data and information security and gives a clear action plan for attaining certification. It is an essential resource for directors and senior managers in organizations of all sorts and sizes but particularly those with well-developed IT systems and those focused on e-commerce. Topics covered include: The need for information security and the benefits of certification; Information security management, policy and scope; Risk assessment; Personnel security; Physical and environmental security, Equipment security; Security controls; Controls against malicious software; Exchanges of software, the Internet and e-mail; Access control; Housekeeping, network management and media handling; Mobile computing and teleworking; Systems development and maintenance; Cryptographic controls; Compliance |
|
|
|
