I've not heard of it before, but I did check it out and found this:
http://www.iso-17799.com
Welcome to the ISO 17799 Directory. Here you will find information covering the ISO 17799 standard itself, its contents, guidance on how to comply with it and details of resources to assist in this process.
What Is ISO 17799?
ISO 17799 is "a comprehensive set of controls comprising best practices in information security". It is essentially an internationally recognized generic information security standard.
Its predecessor, BS7799-1, has existed in various forms for a number of years, although the standard only really gained widespread recognition following publication by the International Standards Organization (ISO) in December 2000. Formal certification and accreditation were also introduced around the same time.
Contents? The standard comprises ten prime sections:
Business Continuity Planning
System Access Control
System Development and Maintenance
Physical and Environmental Security
Compliance
Personnel Security
Security Organization
Computer & Operations Management
Asset Classification and Control
Security Policy
Within these are the detailed statements that comprise the standard.
Compliance and Certification
The first step towards ISO 17799 certification is of course to comply with the standard itself. This is of course good security practice in itself, but it is also the longer term status adopted by a number of organizations, who require the assurance of external measure, yet do not wish to proceed with formal or external process.
In either case, the rigor enforced by the standard can be put to good use in terms of better management of risk. It is also being used in some sectors as a market differentiator, as organizations begin to quote their ISO 17799 status within their individual markets and to potential customers... another factor to ensure much wider uptake of the standard.