Abstract

The information security industry has finally developed and published standards. This article examines each of the ten areas identified in the standards document, ISO 17799, and identifies key points the security professional should address in his or her security program. While there are other standards (BS 7799, ISO/TR 15369), this article concentrates on the recommendations of the International Standard ISO/IEC 17799:2000, “Information Security Management, Code of Practice for Information Security Management.” The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) form a specialized system on worldwide standardization. National bodies that are members of ISO and IEC participate in the development of international standards through technical committees. The United States, through the American National Standards Institute (ANSI), is the secretariat. Twenty-four other nations (Brazil, France, United Kingdom, China, Democratic People's Republic of Korea, Czech Republic, Germany, Denmark, Belgium, Portugal, Japan, Republic of Korea, the Netherlands, Ireland, Norway, South Africa, Australia, Canada, Finland, Sweden, Slovenia, Switzerland, New Zealand, and Italy) have participant status and 40 other nations are observers.
