The ISO 27001 standard was published in October 2005, essentially replacing the old BS7799-2 standard. It is the specification for an ISMS, an Information Security Management System. BS7799 itself was a long-standing standard, first published in the nineties as a code of practice. As this matured, a second part emerged to cover management systems. It is this second part against which certification is granted. Today in excess of a thousand certificates are in place across the world. On publication, ISO 27001 enhanced the content of BS7799-2 and harmonized it with other standards. A scheme has been introduced by various certification bodies for conversion from BS7799 certification to ISO 27001 certification.

The objective of the standard itself is to "provide requirements for establishing, implementing, maintaining and continuously improving an Information Security Management System (ISMS)". Adopting it should be a strategic decision. Further, "The design and implementation of an organization's information security management system is influenced by the organization's needs and objectives, security requirements, the organizational processes used and the size and structure of the organization". The 2005 version of the standard heavily employed the PDCA (Plan-Do-Check-Act) model to structure the processes and to reflect the principles set out in the OECD guidelines (see ).