
What is BS 7799?

BS 7799 is a specification for the management of Information Security. It is applicable to all sectors of industry and commerce and not confined to information held on computers. It addresses the security of information in whatever form it is held.

The information may be printed or written on paper, stored electronically, transmitted by post or email, shown on films, or spoken in conversation. Whatever form the information takes, or means by which it is shared or stored, BS 7799 helps an organisation ensure it is always appropriately protected.

Information security can be characterized as the preservation of:

Confidentiality - ensuring that access to information is appropriately authorized.
Integrity - safeguarding the accuracy and completeness of information and integrity processing methods.
Availability - ensuring that authorized users have access to information when they need it.

BS 7799 contains a number of control objectives and controls. These include:

~ Security policy.
~ Organizational security.
~ Asset classification and control.
~ Personnel security.
~ Physical and environmental security.
~ Communications and operations management.
~ Access control.
~ System development and maintenance.
~ Business continuity management.
~ Compliance.