Iso Security

IsoOrganization is involved in SecurityManagement.

Relevant specifications include ISO17799 [and Part 2: auditing guidelines in BS7799-2 (2002 revision) - not yet adopted?].

There's an ISO 17799 specific wiki site. ISO17799 is essentially identical to BS7799 part 1. It's mostly a collection of good advice. BS7799 Part 2 is a mandated approach to information security management. While it is a reasonable approach (in my opinion), it's not the only approach, and this restriction to a single approach was one of the reasons that the US (and possibly others) objected to its adoption as an ISO standard.

Only Part 2 can be audited against, so if you see someone claiming compliance to ISO17799, make sure you understand exactly what they mean by that...


Another ISO security standard is ISO 13335 (GMITS or "Guidelines for the Management of IT security").


''ANSI has also been doing security analysis together with ISO. See a 2004 example.''


CategorySecurity


Last edited March 21, 2006.