Introduction to ISO 17799
Stemming from the British standard BS 7799, the ISO 17799 standard gives guidelines and recommendations for security management.
ISO 17799 also provides a framework for identifying and implementing security controls in the following areas:
- Security Policy: write and communicate the company's security policy
- Security Organisation: define roles and responsibilities; monitor partners and outsourced activities
- Asset Classification and Control: inventory the company's assets and define their criticality and associated risk
- Personnel Security: hiring, training and raising security awareness
- Physical and Environmental Security: secure areas, inventory of security equipment
- Communication / Operations Management: incident procedures, recovery plan, definition of service levels and recovery times, protection against malicious programs, etc.
- Access Control: setting up access controls at different levels (systems, networks, buildings, etc.)
- System Development and Maintenance: taking security into account in systems from design to maintenance
- Business Continuity Planning: defining availability and recovery-time requirements and setting up emergency exercises
- Compliance: respecting copyrights, the law and company regulations