Security Information Management and ISO 17799:2005  

White Papers for International Standards Organization (ISO) 27002 (17799)


Arcsight

ISO 17799:2005 is a code of practice for information security management developed by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC recommend that this code of practice be used as a starting point for developing organization-specific guidance, with specific emphasis that not all of the guidance and controls in the code may be applicable to each organization. Also, additional controls not included in the code of practice document may be required. Instead of mandating specific implementation of information security practices, ISO 17799:2005 is intended to be used as a “best practice” framework in the development of organizational security policies and practices. As such, each organization that implements this framework will end up with very different policies, controls and reporting requirements based on its unique assets, threats, vulnerabilities and business practices, which lead to its own individual definition of acceptable vs. non-acceptable risk. The benefit of the framework is that it provides a code of practice that induces organizations to consider all factors when developing their security program.

Copyright © 2007-2008 ComplianceHome.com. A SUPREMUS GROUP venture. All rights reserved.