Information Security News: New Version of ISO17799 Published

[InfoSec News <isn () c4i org>]

Forwarded from: Sue <sue () the-hamster com>

NEW VERSION OF ISO 17799 PUBLISHED

The official revision of ISO 17799, the international computer security
standard, has today been released. This new version has been under
development for several years, and introduces a number of siginificant
changes. The old version, originally published in 2000, has been
withdrawn.

The new standard now contains eleven 'core' chapters, as opposed to the
original ten, with existing chapters being re-organized. The new format
is as follows:

1) Security Policy
2) Organizing Information Security
3) Asset Management
4) Human Resources Security
5) Physical and Environmental Security
6) Communications and Operations Management
7) Access Control
8) Information Systems Acquisition, Development and Maintenance
9) Information Security Incident Management
10) Business Continuity Management
11) Compliance. 

ISO17799:2005 also introduces controls to address a range of new issues.
These include topics such as outsourcing and patch management. In
addition, other areas have been substantially extended or re-shaped,
such as employment termination, and mobile communication.

Steps have also been taken to enhance the "user friendliness" of the
standard.

OFFICIAL SOURCES
The following official outlet (BSI) has been updated to provide copies
of the new standard (as opposed to the old):
http://www.standardsdirect.org/iso17799.htm

The ISO 17799 Toolkit, the standard's support and starter kit, has also
been updated to include the new version: http://www.17799-toolkit.com


For further information see the ISO 17799 Newsletter archive site at:
http://17799-news.the-hamster.com 
----------------------------

Thanks and kind regards, 

Sue
ISO 17799 Newsletter



_________________________________________
Attend the Black Hat Briefings and
Training, Las Vegas July 23-28 - 
2,000+ international security experts, 
10 tracks, no vendor pitches.
www.blackhat.com