Information security management best practice based on ISO/IEC 17799; the international information security standard provides a framework for ensuring business continuity, maintaining legal compliance, and achieving a competitive edge.

Information Management Journal › Vol. 39 Nbr. 4, July 2005

Author: Saint-Germain, Rene

Position:: Setting Standard

Linked as:

< Previous

Next >

Summary

Setting Standard

See the full content of this document

Extract

Information security management best practice based on ISO/IEC 17799; the international information security standard provides a framework for ensuring business continuity, maintaining legal compliance, and achieving a competitive edge.

Security matters have become an integral part of daily life, and organizations need to ensure that they are adequately secured. While legislatures enact corporate governance laws, more and more businesses are seeking assurance that their vendors and partners are properly protecting information assets from security risks and are taking necessary measures to ensure business continuity. Security management certification provides just such a guarantee, thereby increasing client and partner confidence.

A number of best practice frameworks exist to help organizations assess their security risks, implement appropriate security controls, and comply with governance requirements as well as privacy and information security regulations. Of the various best practice frameworks available, the most comprehensive approach is based on the implementation of the international information security management standard, ISO/IEC 17799, and subsequent certification against the British standard for information security, BS 7799. This ISO 17799/BS 7799 frame work is the only one that allows organizations to undergo a third-party audit.

Organizations today must deal with a multitude of information security risks. Terrorist attacks, fires, floods, earthquakes, and other disast...

See the full content of this document