October 25, 2005 (Press Release) --
ISO 27001 defines and specifies an 'Information Security Management System', known commonly as an ISMS. It complements the existing ISO 17799 security standard, and specifies a general framework for the creation and maintenance of the security process within an organization.
These two standards are closely related, and although their scope is extremely wide, they have very clearly defined roles:
ISO 27001
This defines the overall requirements for the ISMS itself, the focus being on management. It is this standard, rather than ISO 17799, against which certification is available. It was based upon an earlier standard, known as BS7799, but has been more closely aligned with other quality management standards, such as ISO 9000.
ISO 17799
This describes the individual security controls available, which may be applied as part of the ISMS-driven exercise described by ISO 27001.
THE WIDER IMPLICATIONS
This development is likely to herald a substantial increase in interest in both these standards. Those already certified under the old BS7799-2 standard will be offered a transitional path, whereas the new international status of the management standard is certain to have a major impact on the overall number of organizations following these standards.
This has already started to become apparent in terms of the record number of pre-orders for ISO 27001 itself, and the recent significant membership increases for the ISO 17799 User Group (based at http://www.17799.com).
OFFICIAL SOURCES OF THE STANDARDS
Both of the standards can be obtained and downloaded from:
BSI at http://17799.standardsdirect.org
and
SNV at http://www.standards-online.net/InformationSecurityStandard.htm
FURTHER INFORMATION
Further information can be obtained from the ISO 17799 Newsletter site at:
http://17799-news.the-hamster.com
or from the new ISO 27001 specific portal at
http://www.27001-online.com

The new information security management standard, ISO 27001, has been published following a lengthy public consultation phase.