BS7799
   HOME

TheInfoList



Click Here for Items Related To - BS7799
OR:
BS7799 on:   [Wikipedia]   [Google]   [Amazon]

BS 7799 was a British standard "Code of Practice for Information Security Management", first published as such by the British Standards Institution (BSI) in February 1995. Read about the origins of BS 7799
here Here may refer to: Music * ''Here'' (Adrian Belew album), 1994 * ''Here'' (Alicia Keys album), 2016 * ''Here'' (Cal Tjader album), 1979 * ''Here'' (Edward Sharpe album), 2012 * ''Here'' (Idina Menzel album), 2004 * ''Here'' (Merzbow album), ...
. Subsequently, two further parts to BS 7799 were also published (the first becoming BS 7799 Part 1), by which time BSI had become
BSI Group The British Standards Institution (BSI) is the national standards body of the United Kingdom. BSI produces technical standards on a wide range of products and services and also supplies standards certification services for business and person ...
. The original BS 7799 outlined a structured approach to the management of information security but was primarily a description of some 127 information security controls in 10 sections or categories. Each control was designed to address a specified control objective. Some of the controls considered particularly important at the time were identified as 'key controls' indicated with a key icon in the margin. Following pushback from the user and academic communities, however, the 'key control' concept was dropped when BS 7799 was revised in 1998. Users were encouraged to determine their own risks and objectives in order to select whichever controls were appropriate to their needs - a more fundamental and flexible approach applicable to organisations of all types, sizes and industries. After a lengthy discussion by standards bodies through
ISO The International Organization for Standardization (ISO ; ; ) is an independent, non-governmental, international standard development organization composed of representatives from the national standards organizations of member countries. Me ...
/
IEC The International Electrotechnical Commission (IEC; ) is an international standards organization that prepares and publishes international standards for all electrical, electronic and related technologies. IEC standards cover a vast range of ...
, BS 7799-1 was eventually fast-tracked and adopted as
ISO/IEC 17799 ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and ...
, "Information Technology - Code of practice for information security management." in 2000.
ISO/IEC 17799 ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and ...
was revised in June 2005, and renumbered
ISO/IEC 27002 ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled ''Information security, cybersecurity and privacy protect ...
in July 2007 when it was incorporated into the growing ISO/IEC 27000 family of standards. BS 7799 Part 2 "Information Security Management Systems - Specification with guidance for use." was first published by BSI Group in 1999 as a formal specification supporting conformity assessment and certification. BS 7799-2 explained how to design and implement an
information security management system Information security management (ISM) defines and manages controls that an organization needs to implement to ensure that it is sensibly protecting the confidentiality, availability, and integrity of assets from threats and vulnerabilities. The co ...
(ISMS) - a systematic approach to the governance and management of information security within an organisation. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (
PDCA PDCA or plan–do–check–act (sometimes called plan–do–check–adjust) is an iterative design and management method used in business for the control and continual improvement of processes and products. It is also known as the Shewhart cy ...
) (Deming cycle), aligning it with quality standards such as
ISO 9000 The ISO 9000 family is a set of international standards for Quality (business), quality management systems. It was developed in March 1987 by International Organization for Standardization. The goal of these standards is to help organizations en ...
. BS 7799 Part 2 was adopted by ISO/IEC as
ISO/IEC 27001 ISO/IEC 27001 is an information security standard. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Organizations with an ISMS that meet the st ...
in November 2005. BS 7799 Part 3 "Information security management systems - Guidelines for information security risk management" was first published by BSI Group in 2005. BS 7799-3 focuses on the identification, analysis, treatment and monitoring of information risks. It was adapted and adopted by ISO/IEC as
ISO/IEC 27005 ISO/IEC 27005 "Information technology — Security techniques — Information security risk management" is an international standard published by the International Organization for Standardization (ISO) and the International Electrotechnical Commi ...
in 2008. Meanwhile, BS 7799-3 continues to evolve in parallel. It was revised in 2017 and a project was proposed in 2023 to simplify the guidance specifically for smaller organisations.


See also

*
Cyber security standards Information security standards (also cyber security standards) are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devi ...
*
ISO/IEC 27000-series The ISO/IEC 27000 family (also known as the 'ISMS Family of Standards', 'ISO27K', or 'ISO 27000 series') comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International E ...
*
ISO/IEC 27001 ISO/IEC 27001 is an information security standard. It specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Organizations with an ISMS that meet the st ...
*
ISO/IEC 27002 ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled ''Information security, cybersecurity and privacy protect ...
(formerly
ISO/IEC 17799 ISO/IEC JTC 1, entitled "Information technology", is a joint technical committee (JTC) of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its purpose is to develop, maintain and ...
)


References


External links


British Standards Institution
-> BSI Shop

{{Webarchive, url=https://web.archive.org/web/20080509075707/http://www.17799central.com/cert.htm , date=2008-05-09
BS 7799 Part 2 PDCA Methodology
07799 Computer security in the United Kingdom Computer security standards