
BS ISO/IEC 17799:2000 - Code of practice for information security management


Brian Dowsett
30th May 2003, 06:22 AM
Has anyone experience of ISO17799?

I've been asked to find out about it by my company.
All I know at the moment is that it's to do with software security.
Can you get audited by 3rd party?
Is it worth doing?
Will our customers be impressed?

Cheers

Brian

Marc
30th May 2003, 01:14 PM
I've not heard of it before, but I did check it out and found this:

http://www.iso-17799.com

Welcome to the ISO 17799 Directory. Here you will find information covering the ISO 17799 standard itself, its contents, guidance on how to comply with it and details of resources to assist in this process.

What Is ISO 17799?

ISO 17799 is "a comprehensive set of controls comprising best practices in information security". It is essentially an internationally recognized generic information security standard.

Its predecessor, BS7799-1, has existed in various forms for a number of years, although the standard only really gained widespread recognition following publication by the International Standards Organization (ISO) in December 2000. Formal certification and accreditation were also introduced around the same time.

Contents? The standard comprises ten prime sections:

Business Continuity Planning
System Access Control
System Development and Maintenance
Physical and Environmental Security
Compliance
Personnel Security
Security Organization
Computer & Operations Management
Asset Classification and Control
Security Policy

Within these are the detailed statements that comprise the standard.

Compliance and Certification

The first step towards ISO17799 certification is of course to comply with the standard itself. This is of course good security practice in itself, but it is also the longer term status adopted by a number of organizations, who require the assurance of external measure, yet do not wish to proceed with formal or external process.

In either case, the rigor enforced by the standard can be put to good use in terms of better management of risk. It is also being used in some sectors as a market differentiator, as organizations begin to quote their ISO 17799 status within their individual markets and to potential customers... another factor to ensure much wider uptake of the standard.

Atul Khandekar
30th May 2003, 03:49 PM
Also check these:

http://www.iso17799software.com/

http://www.yourgateway.to/iso17799/

http://www.iso-17799-security-world.co.uk/

venkat
29th July 2003, 04:16 AM
BS7799 contains two parts, I and II. BS7799 Part I has now become part of ISO, whereas Part II is not part of ISO. Organisations can be assessed for Part II. This is applicable for any type of organisation - IT and non-IT. There are ten domains of information security. I am a certified implementer for BS7799. We are planning to implement it in our organisation.

udoryen
31st July 2004, 12:18 AM
For more information about ISO17799/BS7799, you can download the following information:
http://www.callio.com/files/wp_secura_en.pdf
https://www.callio.com/files/wp_iso_en.pdf
They're from Callio Technologies (www.callio.com), a software firm specializing in ISO17799/BS7799 software.
You can also visit a more neutral website at http://www.bs7799-iso17799.com.

venkat
3rd August 2004, 06:13 AM
The BS7799 standard specified security objectives which are measurable. I have checked many sites and I don't get any information.

Can anyone quote examples of measurable security objectives and also how they are measured?

I appreciate any website references for this.