Saturday, May 3, 2008

Security Frameworks

* ISO/IEC 17799:2005
It is a set of security best practices with a broad scope: business continuity management, access control, system development security controls, physical and environmental security, civil law compliance, human resources security, information security, communications and operations management, asset management, security policy and incident management.

* ISO 27001
An information security management specification that complements ISO 17799.
It defines an information security management system and creates a framework for the design, implementation, management and maintenance of IS processes throughout an organization. It will replace BS 7799.
Unlike 17799, it is not a code of practice; it defines the information management system itself.

* BS 7799
It will be replaced by ISO 27001.
