ISO/IEC 17799: Code of Practice for Information Security Management

ISO/IEC 17799: Code of Practice for Information Security Management is a generic set of best practices for the security of information systems. Considered the foremost security specification document in the world, the code of practice includes guidelines for all organizations, no matter what their size or purpose. 17799 was originally published in the United Kingdom as DT Code of Practice, and then later as BS 7799.

The ISO/IEC 17799 details 127 security measures, organized into 10 sections; these specify best practices for: business continuity planning; system access control; system development and maintenance; physical and environmental security; compliance; personnel security; security organization; computer and operations management; asset classification and control; and security policies. The purpose of the code of practice is to be as comprehensive as possible, covering practices that are applicable to a broad range of endeavors. The document suggests that particular organizations can benefit from selecting those specifications that apply to them.

The document is currently being revised to provide sufficient detail to enable the development of a security management system.

This was last updated in October 2008

Continue Reading About ISO/IEC 17799: Code of Practice for Information Security Management

Dig Deeper on Software Project Management Process



Find more PRO+ content and other member only offers, here.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.


File Extensions and File Formats

Powered by: