A Flow of Information  
IT Governance, ISO 17799 and ISO 27001   
ISO 17799IT Governance: From ITIL to ISO 17799
zeroing in on ISO17799
IT Governance: From ISO 17799 thru ITIL

Balanced Scorecard Balanced Scorecard
Prince2 Prince2
Six Sigma Six Sigma

IT Governance and ISO 17799

ISO 17799 History

This framework, which focuses upon information security, has existed in one form or another for well over a decade. Like ITIL, it was originally published by a government department in the United Kingdom (the 'DTI'). From there it was published as BS7799 by the BSI, and eventually as ISO 17799 by ISO in December 2000.

In 2002 an associated standards, BS7799-2, was published. This focused upon information security management systems, rather than security controls themselves, and was much more closely aligned with other ISO standards, such as ISO 9000.

In 2005, ISO 17799 was re-published, to reflect changes in technology. Later in the same year, BS7799-2 also became an ISO standard: ISO 27001.

Both these standards have a hugely significant following, and are internationally deployed.

What is ISO 17799?

ISO 17799 is a 'code of practise', meaning that it lists a substantial number of specific security controls that may be applicable to an IT environment. Selection from these controls is normally performed via risk assessment, and the methods outlined within ISO 27001.

The document itself contains 12 prime content sections, specifically covering:

  • Security Policy
  • Organizational Security
  • Asset Classification
  • HR
  • Physical & Environmental
  • Communications & Operations
  • Access Control
  • Systems Development
  • Business Continuity
  • Compliance
  • Risk Assessment
  • IS Acquisition

ISO 17799's Future

ISO 17799 and ISO 27001 are already global standards, with established compliance and certification schemes in place. Equally, it is clear that both standards will continue to evolve, to track technology and wider changes. As such, therefore, than can be little doubt that they will continue to grow in influence, and adoption will continue to expand.

Identified Source References for this Article:
ISO 17799 Wiki
ISO 17799 News
ISO 27001 Online