What is ISO 17799?
ISO 17799 is an internationally recognized Information Security Management Standard, first published by the International Organization for Standardization, or ISO (www.iso.ch), in December 2000. ISO 17799 is high level, broad in scope, and conceptual in nature. This approach allows it to be applied across multiple types of enterprises and applications. It has also made the standard controversial among those who believe standards should be more precise. In spite of this controversy, ISO 17799 is the only "standard" devoted to Information Security Management in a field generally governed by "Guidelines" and "Best Practices."
ISO 17799 defines information as an asset that may exist in many forms and has value to an organization. The goal of information security is to suitably protect this asset in order to ensure business continuity, minimize business damage, and maximize return on investments.
As defined by ISO 17799, information security is characterized as the preservation of:
Confidentiality - ensuring that information is accessible only to those authorized to have access.
Integrity - safeguarding the accuracy and completeness of information and processing methods.
Availability - ensuring that authorized users have access to information and associated assets when required.
For more information, please visit the ISO 17799 & BS7799 Community Portal.
What is BS 7799?
The BS 7799 standard now consists of Part 1: Code of Practice, and Part 2: Specification of Information Security Management Systems.
While some organizations used the BS 7799 standard, demand grew for an internationally recognized information security standard under the aegis of an internationally recognized body, such as the ISO. This demand led to the "fast tracking" of BS 7799 Part 1 by the BSI, culminating in its first release by ISO as ISO/IEC 17799:2000 in December 2000. As of September 2001, only BS 7799 Part 1 has been accepted for ISO standardization, because it is applicable internationally and across all types of organizations. The movement to submit BS 7799 Part 2 for ISO standardization has been withdrawn.
BS 7799 Part 1 (ISO 17799) versus BS 7799 Part 2 - It is important to understand the distinctions between Part 1 and Part 2 of the BS 7799 standard in order to later understand the dilemma facing conformance assessment. Part 1 is an implementation guide, based on suggestions. It is used as a means to evaluate and build sound and comprehensive information security infrastructure. It details information security concepts an organization "should" do. BS 7799 Part 2 is an auditing guide based on requirements. To be certified as BS 7799 compliant, organizations are audited against Part 2.
Benefits of ISO 17799
Information security is always a matter of trade-offs, balancing business requirements against the triad of confidentiality, integrity, and availability. ISO 17799 offers a benchmark against which to build organizational information security. It also offers a mechanism to manage the information security process. ISO 17799 is a comprehensive information security process that affords enterprises the following benefits:
An internationally recognized, structured methodology
A defined process to evaluate, implement, maintain, and manage information security
A set of tailored policies, standards, procedures, and guidelines
Certification lets organizations demonstrate their own information security status and evaluate that of their trading partners
Certification shows "due diligence"
How do I comply?
In order to comply with the BS 7799 standard, companies must have their security processes reviewed by the certification body, which entails two visits. The first visit is carried out to review the scope of any existing SIM (Security Information Management System) and includes a review of the existing business structure, market objectives, security policy, and approach to risk assessment. The second visit is an audit to check for compliance with the standard.
OutSecure recommends that all its commercial customers seriously consider global security standards such as ISO 17799, not merely to comply with the standard but because it makes good business sense.
Find out more...
If you are interested in finding out more about ISO security standards and how they can help your company tighten its security policy, please call or e-mail: info@outsecure.com