There are now quite a few BS7799, ISO27001 and ISO 17799 portals on the web offering commercial tools & products. Possibly the most complete is ISO 17799 and ISO 27001 Central.
We are shortly to launch a content section for papers and articles on ISO 17799 implementation, BS7799, AS4444, ISO 27001, UNE71502, and information security generally. If you have produced a paper and would like us to publish it, please contact us via the feedback form above.
ISO 27001, ISO 27002 & ISO17799 User Group FAQ (Frequently Asked Questions)
Category: Main -> ISO17799, ISO27001 and ISO27002
· When was ISO17799 published?
The standard stems from an original publication in 1993, from the DTI (Department of Trade and Industry) in the UK. It became BS7799 in 1995 and ISO17799 in December 2000.

· What is ISO17799?
ISO17799 Part 1 is 'intended to serve as a single reference point for identifying the range of controls needed for most situations where information systems are used in industry and commerce, and to be used by large, medium and small organizations'.

· What is BS7799?
BS7799 was the forerunner of ISO17799. Although it was superseded in December 2000, a second part has since been published to cover information security management systems.

· ISO17799 is used throughout the world, but was it internationally created?
Yes. The latest versions included input from representatives from many nations, including Australia, Brazil, Germany, Norway, UK and USA, amongst others.

· Is it linked to a specific national legal system?
No. It is generic in terms of legislation.

· What is risk assessment?
A classical definition of Risk Analysis is one which describes it as a process to ensure that the security controls for a system are fully commensurate with its risks. This embraces the study of relevant threats, vulnerabilities, controls in place and of course potential impacts.

· Tools to help?
Apart from The ISO17799 Toolkit itself, the most well known is COBRA, which performs both ISO17799 gap analysis and risk analysis.

· Is ISO 9000 Involved?
BS7799 Part 2 has been 'harmonized' with other management standards such as ISO 14001 and ISO 9001.

· What is ISO 27002?
ISO 27002 is the suggested new name for ISO 17799. No date has yet been confirmed for this change, but it was originally mooted to be sometime during 2007. The new ISO27002 standard is at this stage expected to be identical to ISO17799 in terms of content.