ISO17799 and BS7799 are security policies and standards procedures. The standard was initially known as a British standard called BS 7799, developed by the British Standards Institution. Later, it became the ISO IEC 17799 standard when it was adopted by the ISO IEC technical committee for international use.
Such a committee is called ISO IEC JTC 1 and is currently responsible for all information regarding technology standards, and the BS7799 refers specifically to Information Security Management Standard formally approved during the year 2000. This standard defines a set of recommended information security management practices, although it is probably better to say the standard is a set of recommendations, as the ISO IEC recommends that you consider each suggestion as you try to improve your information security program, and not view each suggestion as an inflexible obligation to follow.
Depending on your information security needs you may accept or not accept the BS7799 standards. If a particular recommendation helps you to address any important security matter then accept it, otherwise, ignore it. ISO17799 and BS7799 include an open approach to most of the common information issues related to electronic files, data files and software files, and paper documents. Information related to hand written notes, printed materials and photographs, recordings, video recordings and audio recordings, general communications including conversations, telephone conversations, cell phone conversations and face to face conversations, as well as messages such as email messages, fax messages, instant messages, video messages, physical messages, among many other items are considered as definition of the term “information”.
Since the information has value and is therefore an asset, it needs to be protected just like any other corporate asset. Information should be protected just as the infrastructure that supports this information, including all the networks, systems, and functions that allow an organization to manage and control its information assets. BS7799 explains what you can do to protect your organization’s information assets.
Today, organizations are faced with a wide range of security threats, from equipment failure to human errors, fraud, vandalism, theft, sabotage, flood, fire, and even terrorism in many countries, that is way the information needs to be protected. BS7799 suggests focusing your attention on three main points to guarantee your information security, which are integrity, confidentiality and availability. Integrity refers to the need to protect the completeness and accuracy of the information as well as the methods used to process it. Confidentially refers to the assurance that the information can only be accessed by the people who have the authorization to do so. And availability refers to the guarantee that those who have been authorized to use the information have access to it and all associated assets when needed.
To identify your information security risks and needs, you may need to perform a risk assessment. The best way to truly assess this information is to study any legal requirements as well as determining what your own requirements are to develop or improve your own information security program. B17799 simply tries to help those who inquire improve their information security requirements for overall safety.