Wednesday, October 25, 2006

ISO/IEC 17799:2005 and ISO/IEC 27001:2005

NEW DEVELOPMENTS IN ISO 27000 SERIES
http://www.iso27001security.com/html/iso27000.html

How are ISO 27001 and ISO 17799 different from the original, BS7799-2?

ISO 27001 is the replacement for BS 7799-2, which was first published in 1999 by the British Standards Institution (BSI). In December 2000 the BS 7799 code of practice, originally published in 1995, became ISO 17799; it was revised in 2005. ISO 27001 is the specification an organization is audited against: it sets out the requirements for building and operating an information security management system (ISMS), giving the organization a single framework through which it can demonstrate that its security and privacy controls meet the regulations that apply to it.

ISO 27001's Annex A lists the same control objectives and controls as ISO 17799, but ISO 27001 also carries the "shalls": the mandatory requirements an organization must meet to be certified. Satisfying them once, through a single ISMS, is what lets an organization address several overlapping regulations together rather than funding a separate project team to react to each one. Certification bodies have introduced transition arrangements for converting existing BS 7799-2 certificates to ISO 27001 certification. Globally, over 3,000 organizations are ISO 27001 certified.

ISO 27001 specifies the mandatory requirements for establishing, implementing, operating and documenting an ISMS, and requires security controls to be selected according to the needs of the individual organization. Its Annex A consists of 11 control sections, 39 control objectives, and 133 controls, aligned with the control clauses of ISO 17799. The standard follows a plan-do-check-act (PDCA) model so that the ISMS is continually improved.

ISO 27001 is based on a nine-part process, outlined as follows:
1. Define the scope of the ISMS;
2. Define a security policy;
3. Undertake a risk assessment/analysis;
4. Manage the risk;
5. Select control objectives and the actual controls to be implemented/applied;
6. Prepare a Statement of Applicability;
7. Implement and operate the ISMS;
8. Continue to monitor and review the ISMS; and
9. Maintain and improve the ISMS.

https://www.csialliance.org/issues/iso_27001/

ISO/IEC 17799:2005 Information technology -- Security techniques -- Code of practice for information security management
http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=42103&scopelist=PROGRAMME

ISO/IEC 27001:2005 Information technology -- Security techniques -- Information security management systems -- Requirements
http://www.iso.ch/iso/en/CatalogueDetailPage.CatalogueDetail?CSNUMBER=42103&scopelist=PROGRAMME
