Improved ISO/IEC 17799 Standard Makes Information More Secure

Published: Tuesday, July 12, 2005 - 22:00

An improved version of ISO/IEC 17799, which has become the e-commerce community’s international benchmark for information security management, was recently published. The new version broadens the standard’s definition of information security, providing best business practices, guidelines and general principles for implementing, maintaining and managing information in any organization, and producing and using information in any form. The new version also identifies the controls that form the starting point for information security, addressing asset management, human resources, physical and environmental security, communications and operations management, information systems acquisitions, development and maintenance, incident management, business continuity and compliance. It’s designed for all size organizations, public or private.

The revised standard recognizes that the level of security that can be achieved purely through technical means is limited. The required level of security—established through assessing the levels of risk and associated costs through breaches of security, against the costs of implementing security—should always be driven by appropriate management controls and procedures.

“Users of this standard can also demonstrate to business partners, customers and suppliers that they’re fit enough and secure enough to do business with, providing the chance for them to turn their investment in information security into business-enabling opportunities,” says Ted Humphreys, convener of the working group that developed the standard.

ISO/IEC 17799:2005 is a code of practice for information security management, but it’s not suitable for certification purposes.

For more information, visit www.iso.org.

About The Author