The IT Law Wiki

ISO/IEC 17799:2005


32,084pages on
this wiki
Add New Page
Add New Page Talk0

Citation Edit

ISO/IEC 17799:2005: "Information technology — Security techniques — Code of practice for information security management" (Summary).

Overview Edit

This standard established guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization.

It is high level, broad in scope, conceptual in nature, and intended to provide a basis for an organization to develop its own organizational security standards and security management practices.

The standard states:

This code of practice may be regarded as a starting point in developing organization-specific guidance. Not all of the guidance and controls in the code of practice may be applicable. Furthermore, additional control not included in this document may be required.

ISO/IEC 17799 is a widely recognized, comprehensive information security standard. It is organized into ten major sections or topics. ISO/IEC 17799 offers guidelines and voluntary directions for information security management and is meant to provide a general description of the areas considered important when initiating, implementing, or maintaining information security in an organization. It addresses the topics in terms of policies and general good practices but does not provide definitive details or "how-tos."

This standard was revised by ISO/IEC 27002:2005.

Source Edit

Also on Fandom

Random Wiki