Home | | Information Security | Standard and Practice - Security Models

Chapter: Information Security : Logical Design

Standard and Practice - Security Models

ISO 17799/BS 7799, Drawbacks of ISO 17799/BS 7799, Objectives of ISO 17799, Ten Sections of ISO/IEC 17799

STANDARD AND PRACTICE - SECURITY MODELS

 

ü           ISO 17799/BS 7799

 

   One of the most widely referenced and often discussed security models is the Information Technology – Code of Practice for Information Security Management, which was originally published as British Standard BS 7799

 

   In 2000, this Code of Practice was adopted as an international standard framework for information security by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) as ISO/IEC 17799.


ü           Drawbacks of ISO 17799/BS 7799

 

   Several countries have not adopted 17799 claiming there are fundamental problems:

 

The global information security community has not defined any justification for a code of practice as identified in the ISO/IEC 17799

 

–   17799 lacks “the necessary measurement precision of a technical standard”

 

There is no reason to believe that 17799 is more useful than any other approach currently available

 

–   17799 is not as complete as other frameworks available

 

17799 is perceived to have been hurriedly prepared given the tremendous impact its adoption could have on industry information security controls


ü           Objectives of ISO 17799

 

   Organizational Security Policy is needed to provide management direction and support.


ü           Ten Sections of ISO/IEC 17799

 

ü     Organizational Security Policy

 

ü     Organizational Security Infrastructure

 

ü     Asset Classification and Control

 

ü     Personnel Security

 

ü     Physical and Environmental Security

 

ü     Communications and Operations Management

 

            System Access Control

 

            System Development and Maintenance

 

            Business Continuity Planning

 

            Compliance

 

   Alternate Security Models available other than ISO 17799/BS 7799


Study Material, Lecturing Notes, Assignment, Reference, Wiki description explanation, brief detail
Information Security : Logical Design : Standard and Practice - Security Models |


Privacy Policy, Terms and Conditions, DMCA Policy and Compliant

Copyright © 2018-2023 BrainKart.com; All Rights Reserved. Developed by Therithal info, Chennai.