ISO/IEC 27001:2005 is a standard specification for an Information Security Management System (ISMS). An ISMS is the means by which senior management monitor and control their security, minimizing the residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements. It forms part of an organization's internal control system.
ISO/IEC 17799:2005 is a standard code of practice and can be regarded as a comprehensive catalogue of good security practices.
- Improved security throughout the organization
- Improved security planning
- Demonstrates the company's commitment to protecting information
- Security management effectiveness
- Ongoing protection of information
- Less risk when dealing with partners
- Improved customer, employee and partner confidence
- More realistic and manageable auditing
- Reduced liability over information
BS 7799 (ISO 27001) consists of 134 best security practices (covering the 11 domains discussed above) which organizations can adopt to build their security infrastructure.
- Organizing Information Security
- Human Resource Security
- Physical & Environmental Security
- Communications and Operations Management
- Information Systems Acquisition, Development and Maintenance
- Information Security Incident Management
- Business Continuity Management