ISO/IEC 17799:2005: "Information technology — Security techniques — Code of practice for information security management" (Summary).
The standard states:
"This code of practice may be regarded as a starting point in developing organization-specific guidance. Not all of the guidance and controls in the code of practice may be applicable. Furthermore, additional controls not included in this document may be required."
ISO/IEC 17799 is a widely recognized, comprehensive information security standard. The 2005 edition is organized into eleven security control clauses (the 2000 edition, which the sources below describe, had ten); in 2007 the 2005 text was renumbered as ISO/IEC 27002. ISO/IEC 17799 offers guidelines and voluntary direction for information security management and is meant to give a general description of the areas considered important when initiating, implementing, or maintaining information security in an organization. It addresses those areas in terms of policies and general good practice but does not provide definitive details or "how-tos"; an organization is expected to select the controls that apply to it and to add any that the standard omits.
- A Comparison of Cross-Sector Cyber Security Standards, at 5.
- NIST, "International Standard ISO/IEC 17799:2000, Code of Practice for Information Security Management: Frequently Asked Questions" (Nov. 2002).