ISO/IEC 17799: Code of Practice for Information Security Management is a generic set of best practices for the security of information systems. Considered the foremost security specification document in the world, the code of practice includes guidelines for all organizations, no matter what their size or purpose. 17799 was originally published in the United Kingdom as DT Code of Practice, and then later as BS 7799.Content Continues Below
The ISO/IEC 17799 details 127 security measures, organized into 10 sections; these specify best practices for: business continuity planning; system access control; system development and maintenance; physical and environmental security; compliance; personnel security; security organization; computer and operations management; asset classification and control; and security policies. The purpose of the code of practice is to be as comprehensive as possible, covering practices that are applicable to a broad range of endeavors. The document suggests that particular organizations can benefit from selecting those specifications that apply to them.
The document is currently being revised to provide sufficient detail to enable the development of a security management system.