Security News > 2005 > June > New Version of ISO17799 Published
Forwarded from: Sue NEW VERSION OF ISO 17799 PUBLISHED The official revision of ISO 17799, the international computer security standard, has today been released. This new version has been under development for several years, and introduces a number of siginificant changes. The old version, originally published in 2000, has been withdrawn. The new standard now contains eleven 'core' chapters, as opposed to the original ten, with existing chapters being re-organized. The new format is as follows: 1) Security Policy 2) Organizing Information Security 3) Asset Management 4) Human Resources Security 5) Physical and Environmental Security 6) Communications and Operations Management 7) Access Control 8) Information Systems Acquisition, Development and Maintenance 9) Information Security Incident Management 10) Business Continuity Management 11) Compliance. ISO17799:2005 also introduces controls to address a range of new issues. These include topics such as outsourcing and patch management. In addition, other areas have been substantially extended or re-shaped, such as employment termination, and mobile communication. Steps have also been taken to enhance the "user friendliness" of the standard. OFFICIAL SOURCES The following official outlet (BSI) has been updated to provide copies of the new standard (as opposed to the old): http://www.standardsdirect.org/iso17799.htm The ISO 17799 Toolkit, the standard's support and starter kit, has also been updated to include the new version: http://www.17799-toolkit.com For further information see the ISO 17799 Newsletter archive site at: http://17799-news.the-hamster.com ---------------------------- Thanks and kind regards, Sue ISO 17799 Newsletter _________________________________________ Attend the Black Hat Briefings and Training, Las Vegas July 23-28 - 2,000+ international security experts, 10 tracks, no vendor pitches. www.blackhat.com