Internet and Wireless Security

M J Kenning
Security is more than using the right technology. In the words of cryptographer Bruce Schneier: 'If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology' [1]. Security is as much about people, and the way they use the technology. The information security management standard, BS 7799 [2, 3], addresses this very issue.
BS 7799 was developed in the early 1990s as a result of demand from industry, government and commerce for a common information security framework. Organisations felt that they needed to assure those with whom they do business that they operate to a common minimum security standard. They also needed to be able to provide others with assurances about their own security.
A group of companies, including BOC, BT, Marks and Spencer, Midland Bank, Nationwide Building Society, Shell and Unilever, co-operated in the development of the Code of Practice for Information Security Management BS 7799 Part 1 Code of Practice. The Specification for Information Security Management Systems BS 7799 Part 2 was published in February 1998 [2, 3]. Part 1 of the standard was published as the international standard ISO/IEC 17799 Part 1 code of practice for information security management in December 2000 [4].
In the UK the scheme for accredited certification of an organisation's information security management system (ISMS) to the requirements of BS 7799, is known as 'c:cure'. The scheme, commissioned by the DTI in 1998 and managed...