CHAPTER 12
ISO 27001 AND ISO 17799
12.1 ISO 27001 AND ISO 17799—THE INFORMATION SECURITY STANDARDS
(a) Background to ISO 27001
(b) Information Security Standards Originating Body
(c) ISO/IEC 27001:2005 (ISO 27001)
(d) ISO/IEC 17799:2005 (ISO 17799)
12.2 ISO 17799 VERSUS ISO 27001
(a) Correspondence between the Two Standards
(b) Integration of Management Systems
(c) IT Governance and Information Security Management
(d) Risks to Information Assets
(e) Information Security
(f) Information Security Management System
(g) ISO 27001 as a Model for the ISMS
(h) Legal and Regulatory Framework
(i) Process Approach and the PDCA Cycle
(j) Establishing the ISMS
(k) Policy and Business Objectives
(l) Risk Assessment
(m) Risk Treatment Plan
12.3 CONCLUSION
12.4 ESSENTIAL FURTHER READING
NOTES
12.1 ISO 27001 AND ISO 17799—THE INFORMATION SECURITY STANDARDS
The replacement, in late 2005, of BS 77799-2:2002 by the international information security management system (ISMS) standard ISO/IEC 27001:2005 marks the coming of age of information security management. ISO 27001 is the international standard for information security management systems, and it provides organizations with best practice guidance for identifying, assessing, and controlling information risks in strategic business plans and everyday operational environments. It's the essential standard for the information age organization. It has an important and symbiotic relationship with another international standard, ISO/IEC 17799:2005, ...
Get Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.