
Governance, Risk, and Compliance Handbook: Technology, Finance, Environmental, and International Guidance and Best Practices by Anthony Tarantino


CHAPTER 12

ISO 27001 AND ISO 17799

Alan Calder

12.1 ISO 27001 AND ISO 17799—THE INFORMATION SECURITY STANDARDS

(a) Background to ISO 27001

(b) Information Security Standards Originating Body

(c) ISO/IEC 27001:2005 (ISO 27001)

(d) ISO/IEC 17799:2005 (ISO 17799)

12.2 ISO 17799 VERSUS ISO 27001

(a) Correspondence between the Two Standards

(b) Integration of Management Systems

(c) IT Governance and Information Security Management

(d) Risks to Information Assets

(e) Information Security

(f) Information Security Management System

(g) ISO 27001 as a Model for the ISMS

(h) Legal and Regulatory Framework

(i) Process Approach and the PDCA Cycle

(j) Establishing the ISMS

(k) Policy and Business Objectives

(l) Risk Assessment

(m) Risk Treatment Plan

12.3 CONCLUSION

12.4 ESSENTIAL FURTHER READING

NOTES

12.1 ISO 27001 AND ISO 17799—THE INFORMATION SECURITY STANDARDS

The replacement, in late 2005, of BS 7799-2:2002 by the international information security management system (ISMS) standard ISO/IEC 27001:2005 marks the coming of age of information security management. ISO 27001 is the international standard for information security management systems, and it provides organizations with best-practice guidance for identifying, assessing, and controlling information risks in strategic business plans and everyday operational environments. It is the essential standard for the information-age organization. It has an important and symbiotic relationship with another international standard, ISO/IEC 17799:2005, ...
