1. Standards Organizations
BSI: British Standards Institute
ISO: International Organization for Standardization
IEC: International Electrotechnical Commission
2. Relationship Between the Standards
BS 7799 is a BSI standard for information security management. It was first established in 1995 and is divided into two parts:
The first part, named Code of practice for information security management, was adopted as ISO/IEC 17799 in 2000. Its latest version is the 2005 edition, commonly referred to as ISO 17799:2005.
The second part, Specification for information security management systems, officially became ISO 27001 in its latest version in October.
[Figure: bs7799.png]
3. Introduction to the Standards
The first part was adopted as ISO/IEC 17799 in 2000 and is the Code of practice for information security management. The latest version covers all aspects of information security management:
Security Policy
Organization of Information Security
Asset Management
Human Resources Security
Physical and Environmental Security
Communications and Operations Management
Access Control
Information Systems Acquisition, Development and Maintenance
Information Security Incident Management
Business Continuity Management
Compliance
BS 7799 arranges these areas (security policy, the organizational structure of information security, asset management, human resources security, and so on) in a hierarchical structure: 11 security control chapters, 39 main security categories and 133 specific control measures (best practices), for reference by those responsible for developing an information security management system when standardizing an organization's information security management.
The second part officially became ISO 27001 in October. It is the Specification for information security management systems, a set of standards for establishing an Information Security Management System (ISMS): it describes in detail the requirements for establishing, implementing and maintaining an ISMS, and can be used to guide the relevant personnel in applying ISO 17799. Its ultimate goal is to establish an ISMS that suits the enterprise.
4. Development Direction
"BS 7799: Information security management systems - Guidelines for information security risk management" is a new British Standard due for release in December 2005.
In the future, the new ISO 27000 series of security standards will consist of five parts:
ISO 27000 will formally define the specific technical vocabulary used in these standards;
ISO 27001 will be the ISO version of BS 7799-2, the certification standard (due for full release in November 2005, already available as a final draft);
ISO 27002 will be the renamed and updated version of ISO 17799:2005 (to be released in 2006 or 2007);
ISO 27003 will contain guidance for those implementing the ISO 27000-series standards;
ISO 27004 will be a new information security management metrics and measurement standard to help measure the effectiveness of information security management system implementations (currently in draft);
ISO 27005 will be the ISO version of BS 7799-3.
This article is from the "Haina baichuan" blog; please be sure to keep this source: http://hichuann.blog.51cto.com/1024435/1567636
Relationship between BS7799, ISO/IEC 17799, and ISO/IEC 27001