ISO Management Systems – September-October 2005

ISO INSIDER

Improved ISO/IEC 17799 heralds new series on information security management systems

by Ted Humphreys

Ted Humphreys is Director of XiSEC, a company specializing in information security management systems. He serves as Convenor of the Joint Technical Committee, ISO/IEC JTC 1, Information technology, Subcommittee . . .

Abstract: . . . Subcommittee 27, IT Security techniques, Working Group 1, Requirements, services and guidelines has become timelier than ever. In view of the critical need for the business world to protect the confidentiality and integrity of information, the ISO/IEC working group has developed an improved version of the joint ISO/IEC standard that has become the burgeoning e-commerce community’s international benchmark for information security management. ISO/IEC 17799:2005 is a code of practice for information security management. It is not a certification standard and was . . .

. . . larly by all the accredited certification bodies involved.

The ISO/IEC 27000 series

ISO/IEC 17799:2005 and the future ISO/IEC 27001 are part of the ISO/IEC 27000 series of standards being developed by JTC 1/SC 27. There is a proposal to allocate the number ISO/IEC 27002 to ISO/IEC 17799 in 2007. Currently, SC 27 is developing ISO/IEC 27003 and ISO/IEC 27004, aimed at providing supporting guidance for ISO/IEC 27001. The creation of a family of ISMS-related standards is intended to mirror the approach adopted by the ISO 9000:2000 series of QMS standards – and thus ISO/IEC 27001 will serve information security as ISO 9001:2000 does quality.

. . . that have emerged recently, including:
• Management of software patches – in recognition of the increasing risk of new software being exploited before patches can be intro- . . .

Helping organizations worldwide

ISO/IEC 17799:2005 is intended to provide organizations around the world with new best practice improvements and enhancements to help them:
• provide greater customer confidence and assurance that their systems and services are “fit for purpose”;
• make more profitable use of their investment in information security as a business enabler;
• enhance management control of business information assets . . .

Complementary and supportive standard

While ISO/IEC 17799 . . .