Internet and Wireless Security

Chapter 16: Security Management Standard ISO 17799/BS 7799

M J Kenning

16.1 Introduction

Security is more than using the right technology. In the words of cryptographer Bruce Schneier: 'If you think technology can solve your security problems, then you don't understand the problems and you don't understand the technology' [1]. Security is as much about people, and the way they use the technology. The information security management standard, BS 7799 [2, 3], addresses this very issue.

BS 7799 was developed in the early 1990s as a result of demand from industry, government and commerce for a common information security framework. Organisations felt that they needed to assure those with whom they do business that they operate to a common minimum security standard. They also needed to be able to provide others with assurances about their own security.

A group of companies, including BOC, BT, Marks and Spencer, Midland Bank, Nationwide Building Society, Shell and Unilever, co-operated in the development of the Code of Practice for Information Security Management BS 7799 Part 1 Code of Practice. The Specification for Information Security Management Systems BS 7799 Part 2 was published in February 1998 [2, 3]. Part 1 of the standard was published as the international standard ISO/IEC 17799 Part 1 code of practice for information security management in December 2000 [4].

In the UK the scheme for accredited certification of an organisation's information security management system (ISMS) to the requirements of BS 7799, is known as 'c:cure'. The scheme, commissioned by the DTI in 1998 and managed...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Security Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.