Directory of services/software for ISO 17799 audit  

ISO27001, ISO17799 and Even BS7799

(From the news item on the original Computer Security News site)

This little lot are hot topics: all having been published or re-published relatively recently. But what ARE they?

ISO27001: This can perhaps be considered to be the top of the triangle. It is the standard for information security MANAGEMENT systems. The jargon for this is 'ISMS'. It basically provides a 'specification' (more jargon) for a process-driven system to manage information security effectively. The other two standards interlink and interplay with this.

ISO17799: This has a track record dating back to 2000. In fact, way back to 1992, if you include earlier iterations under different covers and names. It is basically a set of security controls: hundreds of them, laid out in 12 sections. These controls are not mandatory in totality, but are to be selected from using the approaches and methods defined in ISO27001.

BS7799: And so to BS7799-3. This is where it can get confusing, because the above two standards have been called BS7799 in earlier editions: ISO17799 used to be BS7799-1, and ISO27001 used to be BS7799. Next on the treadmill of ISO fast-tracking seems to be BS7799-3. This specifically focuses upon security risk management. Again, it is over-arched by ISO27001.