Directory of services/software for ISO 17799 audit
|The ISO 17799 Directory: Services & Software for ISO 17799 Compliance, ISO 17799 Audit, ISO17799 Implementation & Security Risk Analysis|
ISO27001, ISO17799 and Even BS7799
(From the news item on the original Computer Security News site)
This little lot are hot topics: all having been published or re-published relatively recently. But what ARE they?ISO27001: This can perhaps be considered to be the top of the triange. It is the standard for information security MANAGEMENT systems. The jargon for this is 'ISMS'. It basically provides a 'specification' (more jargon) for a process driven system to manage information security effectively. The other two standards interlink and interplay with this.
ISO17799: This has a track record dating back to 2000. In fact way back to 1992, if you include earlier iterations under different covers and names. It is basically a set of security controls: hundreds of them, layed out in 12 sections. These controls are not mandatory in totality, but are to be selected from using the approaches and methods defined in ISO27001.
BS7799: And so to BS7799-3. This is where it can get confusing, because the above two standard shave been called BS7799 in earlier editions, ISO17799 used to be BS7799-1, and ISO27001 used to be BS7799. Next on the treadmill of ISO fast tracking seems to be BS7799-3. This specifically focuses upon security risk management. Again, it is over-arched by ISO27001.
HOME ~ WEBLINKS ~ CONTACTS
==> SOFTWARE DOWNLOAD AREA <==