ISO/IEC 17799: A Methodological Information Management System

613 words, Feb 6, 2018, 2 pages
ISO/IEC 17799, and subsequent certification against the British information security standard BS 7799, is the most comprehensive of all the best-practice frameworks (Saint-Germain, 2005). The framework contains 10 security domains, 36 control objectives, and 127 controls that identify specific means of meeting the control objectives. The domains consist of organizational security, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management, and compliance. The control objectives are general statements of the security goals in each domain. ISO/IEC 17799 is a complex system covering a number of security areas, with enough flexibility to suit a variety of organizations. Successful implementation of the framework helps an organization reduce its level of risk, so that it spends less money recovering from security incidents. Each domain, control objective, and control can be tailored to the individual organization's specific security needs.

To implement ISO/IEC 17799/BS 7799, a methodological information security management system that facilitates the planning, implementation, and documentation of security controls and assures constant process review, such as COBIT, also needs to be implemented. "COBIT is a tool that allows managers to communicate and bridge the gap with respect to control
