The ISO 17799 Framework

ISO 17799 is a detailed security standard organized into major areas: business continuity planning, system access control, system development and maintenance, physical and environmental security, compliance, personnel security, security organization, computer and operations management, asset classification and control, and security policy (Violino, 2005). This framework provides a high level of assurance across various areas of business. It is the most obvious choice for security and covers each topic at a high level, providing some detailed recommendations (Schlarman, 2007). With any framework, it is essential to begin with a thorough self-assessment to pinpoint the areas most in need of improvement and to establish a baseline against which improvements can be measured (Anthes, 2005).

ISO 17799 contains ten security domains (organizational security, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management, and compliance) and seeks to address security compliance at all levels. It contains 36 control objectives, which are general statements of the security goals in each of the ten domains, plus 127 controls that identify specific means for meeting those control objectives (Saint-Germain, 2005). ISO 17799 can be used as a guide for self-assessment in identifying areas of compliance that need improvement. ISO 17799 is