ISO 17799 Standard

The ISO 17799 standard (in the 2000 edition described here; the 2005 revision expanded the structure to 11 sections and was later renumbered ISO/IEC 27002) is organized into 10 major sections, each covering a different control area. They are listed below, not in the order in which the standard itself numbers them, with the control objectives the standard states for each.
1. Business Continuity Planning
The objective of this section is:
1) to counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters.

2. System Access Control
The objectives of this section are:
1) to control access to information;
2) to prevent unauthorized access to information systems;
3) to ensure the protection of networked services;
4) to prevent unauthorized computer access;
5) to detect unauthorized activities;
6) to ensure information security when using mobile computing and teleworking facilities.

3. System Development and Maintenance
The objectives of this section are:
1) to ensure that security is built into operational systems;
2) to prevent loss, modification or misuse of user data in application systems;
3) to protect the confidentiality, authenticity and integrity of information;
4) to ensure that IT projects and support activities are conducted in a secure manner;
5) to maintain the security of application system software and data.

4. Physical and Environmental Security
The objectives of this section are:
1) to prevent unauthorized access, damage and interference to business premises and information;
2) to prevent loss, damage or compromise of assets and interruption to business activities;
3) to prevent compromise or theft of information and information processing facilities.

5. Compliance
The objectives of this section are:
1) to avoid breaches of any criminal or civil law, of statutory, regulatory or contractual obligations, and of any security requirements;
2) to ensure compliance of systems with organizational security policies and standards;
3) to maximize the effectiveness of the system audit process and to minimize interference to and from it.

6. Personnel Security
The objectives of this section are:
1) to reduce the risks of human error, theft, fraud or misuse of facilities;
2) to ensure that users are aware of information security threats and concerns, and are equipped to support the organizational security policy in the course of their normal work;
3) to minimize the damage from security incidents and malfunctions, and to learn from such incidents.

7. Security Organization
The objectives of this section are:
1) to manage information security within the organization;
2) to maintain the security of organizational information processing facilities and information assets accessed by third parties;
3) to maintain the security of information when responsibility for information processing has been outsourced to another organization.

8. Computer & Network Management
The objectives of this section are:
1) to ensure the correct and secure operation of information processing facilities;
2) to minimize the risk of systems failures;
3) to protect the integrity of software and information;
4) to maintain the integrity and availability of information processing and communication services;
5) to ensure the safeguarding of information in networks and the protection of the supporting infrastructure;
6) to prevent damage to assets and interruptions to business activities;
7) to prevent loss, modification or misuse of information exchanged between organizations.

9. Asset Classification and Control
The objectives of this section are:
1) to maintain appropriate protection of organizational assets;
2) to ensure that information assets receive an appropriate level of protection.

10. Security Policy
The objective of this section is:
1) to provide management direction and support for information security.
Part 2 of 2