Is ISO 17799 still valid?

ISO 17799 is obsolete.

What is the difference between ISO 17799 and ISO 27001?

ISO 17799 is expected to be renamed ISO 27002 in 2007. In the works is ISO 27004 – Information Security Management Metrics and Measurement – currently in draft mode. ISO 27001 is the formal standard against which organizations may seek independent certification of their information security management systems.

What is the purpose of the ISO IEC 17799?

ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management.

What are the ten sections of ISO IEC 17799?

ISO/IEC 17799 details 127 security measures, organized into 10 sections; these specify best practices for: business continuity planning; system access control; system development and maintenance; physical and environmental security; compliance; personnel security; security organization; computer and operations …

What is ISO IEC?

(International Organization for Standardization/International Electrotechnical Commission) A standard governed by both ISO and the IEC. ISO originally stood for International Standards Organization, hence the ISO acronym. See ISO and IEC.

Why is ISO IEC 27002 important?

The primary purpose of ISO 27002:2013 was to provide comprehensive information security techniques and asset management controls for any organisation that either needed a new information security management program or wanted to improve their existing information security policies and practices.

What is FISMA compliance?

FISMA compliance is data security guidance set by FISMA and the National Institute of Standards and Technology (NIST). NIST is responsible for maintaining and updating the compliance documents as directed by FISMA.

What are the ISM practices that make up ISO 17799?

The ISM practices that make up ISO 17799 are organized as follows: security objectives (for ISO 27001) … 1. PLAN - Establish context:

  • Define ISMS scope.
  • Define policy.
  • Identify risks.
  • Assess risks.
  • Select control objectives.

What is information security blueprint?

Specifically, an InfoSec blueprint describes all information security policies, security education and training, and technological controls that will be used, including the design, selection, and application of those policies and programs.

Are ISO and IEC the same?

ISO standards are standards developed by the standardisation institute ISO, and IEC standards are developed by the International Electrotechnical Commission (IEC). EN standards are usually ISO or IEC standards that the European Commission has harmonised.

What is the difference between ISO and IEC?

ISO focuses on standards for quality management systems and on product, material and construction standards, whereas IEC mainly focuses on international standards for electrical, electronic and related technologies. Together these organizations published ISO/IEC 27001.