ISO 27001 (10 April 2006)
1. ISO 27001
By : Khawar Nehal
Applied Technology Research Center
9 April 2006
khawar@atrc.net.pk
Http://atrc.net.pk
2. BS 7799 and ISO 17799
The BS 7799 / ISO 17799 standard was
developed to create a common information
security framework, covering technical,
administrative and legal aspects alike.
3. BS 7799 and ISO 17799
BS 7799 was originally a code of practice
issued by the UK Government (DTI).
4. BS 7799 and ISO 17799
When first published as an ISO standard,
BS 7799 became ISO 17799, because a
standard numbered ISO 7799 already existed.
5. BS 7799 and ISO 17799
Through ten control areas, this standard
lists the best practices companies should
implement to manage information security
effectively.
6. BS 7799 and ISO 17799
Implementation of the principles laid out in
BS 7799 / ISO 17799 makes it possible to
detect, analyze and reduce information
risks.
7. ISO 27001 and ISO 24743
ISO 27001 was originally to be ISO 24743,
until a change of direction.
8. The ISO 17799 Series
ISO 17799 was created as an international
standard for information security and is
widely regarded as the most complete
security guideline in existence. Companies
that adhere to it can apply for certification
against BS 7799-2.
20. ISO 27001
ISO 27001, titled "Information technology -
Security techniques - Information security
management systems - Requirements", is the
replacement for BS 7799-2. It is intended to
provide the foundation for third-party audit,
and is 'harmonized' with other management
standards, such as ISO 9001 and ISO 14001.
21. ISO 27001
The basic objective of the standard is to
help establish and maintain an effective
information security management system
(ISMS), using a continual improvement
approach.
22. ISO 27001
It implements the OECD (Organisation for
Economic Co-operation and Development)
guidelines governing the security of
information systems and networks.
23. The Contents of the Standard?
The broad content is of course similar to the
old BS 7799-2. Included are:
Cross-reference to the ISO 17799 controls
Use of PDCA (Plan-Do-Check-Act)
Information security management system
Terms and definitions
24. ISO 27001 Certification
As with BS 7799-2, a robust audit and
certification scheme supports the standard.
For those already certified against BS 7799-2,
accredited certification bodies will establish
transitional arrangements.
25. ISO 27001 Certification
It essentially describes how to apply the
controls defined within ISO 17799, and of
course how to build and maintain an
information security management system.
26. The ISO 27000 Series
The final version of ISO 27001 was
published in October 2005 to great
fanfare. A final draft version was published
some months prior to this. It should be
noted, however, that this is in fact only the
first of a series of standards to support
information security.
27. The ISO 27000 Series
Having stated this, it may well be the most
important, at least from a 'top down'
perspective, as it defines the information
security management system.
28. The ISO 27000 Series
ISO 27001 replaced the original standard,
BS 7799-2. The latter was a long-established
information security standard. Strictly
speaking, ISO 27001 is a specification for an
ISMS (information security management
system).
29. The ISO 27000 Series
It contains the following chapters:
0) Introduction
1) Scope
2) Normative references
3) Terms and definitions
4) Information security management
system
5) Management responsibility
6) Internal ISMS audits
7) Management review of the ISMS
8) ISMS improvement
30. The ISO 27000 Series
The standard also defines a six-stage process
and describes the PDCA approach. There is
also a mapping onto the ISO 17799 security
code of practice.