ISO 17799

February 2017

Introduction to ISO 17799

Stemming from the British standard BS 7799, the ISO 17799 standard gives guidelines and recommendations for security management.

Standard 17799 also provides a framework for identifying and implementing solutions for risks in the following areas:

  • Security Policy: write and communicate the company's security policy
  • Security Organisation: define roles and responsibilities. Monitor partners and outsourced business
  • Asset Classification and Control: take an inventory of company assets and define how critical they are and their associated risk
  • Personnel Security: hiring, training and raising security awareness
  • Physical and Environmental Security: security area, inventory of security equipment
  • Communication / Operations Management: accident procedures, recovery plan, definition of levels of service and recovery time, protection against malicious programs, etc.
  • Access Control: setting up access controls at different levels (systems, networks, buildings, etc.)
  • System Development and Maintenance: taking security into account in systems from design to maintenance
  • Business Continuity Planning: defining needs in terms of availability, recovery time and setting up emergency exercises
  • Compliance: respecting copyrights, the law and company regulations

This document, titled "ISO 17799," is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).