|
Posted by Sue Thomas on March 16, 2006, 7:44 am
If you were Registered and logged in, you could reply and use other advanced thread options
The new BS IS security standard, BS7799-3 has been published this
morning. This is officially titled "Guidelines for Information Security
Risk Management", and is deigned to support the general ISMS standard,
ISO 27001, and the code of practice, ISO 17799, which were
published/updated last year.
Whilst ISO27001 covers all aspects of an ISMS, BS7799-3 focuses upon
risk specifically, including:
- assessment/eval of risks
- implementation of controls to address them
- review & monitoring
- maintenance/improvement of the overall control system.
The document is organized as follows:
1. Scope
2. Normative references
3. Terms + definitions
4. IS risks in the organizations context
5. Risk assessment
6. Risk treatment and management decision making
7. Ongoing risk management
The new standard is now available for the main BSI store, 'Standards
Direct':
http://17799.standardsdirect.org/bs7799.htm
Or as part of a special edition of the ISO 17799 Toolkit:
http://www.27005.net
For further information on BS7799, the following references sites may
assist:
http://www.thewindow.to/bs7799/
http://www.17799.com
I hope this is of interest.
Sue
The ISO 17799 Newsletter
http://17799-news.the-hamster.com
| 
XML site map