STANDARD AND PRACTICE - SECURITY MODELS

ISO 17799/BS 7799

One of the most widely referenced and often discussed security models is the Information Technology – Code of Practice for Information Security Management, which was originally published as British Standard BS 7799. In 2000, this Code of Practice was adopted as an international standard framework for information security by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 17799.
Drawbacks of ISO 17799/BS 7799

Several countries have not adopted 17799, claiming there are fundamental problems:
– The global information security community has not defined any justification for a code of practice as identified in the ISO/IEC 17799
– 17799 lacks “the necessary measurement precision of a technical standard”
– There is no reason to believe that 17799 is more useful than any other approach currently available
– 17799 is not as complete as other frameworks available
– 17799 is perceived to have been hurriedly prepared given the tremendous impact its adoption could have on industry information security controls
Objectives of ISO 17799

Organizational Security Policy is needed to provide management direction and support.
Ten Sections of ISO/IEC 17799

1. Organizational Security Policy
2. Organizational Security Infrastructure
3. Asset Classification and Control
4. Personnel Security
5. Physical and Environmental Security
6. Communications and Operations Management
7. System Access Control
8. System Development and Maintenance
9. Business Continuity Planning
10. Compliance
Alternate Security Models available other than ISO 17799/BS 7799