BS7799 ISO/IEC:27001:2005 and ISO/IEC:27002

British code of practice for information systems security management

 

BS 7799 ISO/IEC27001:2005 and ISO/IEC 27002 are standards setting out the requirements for an Information Security Management System (ISMS). These help to identify, manage and minimise the range of threats to which information is regularly subjected.

 

Annex A of BS 7799 identifies 10 controls:

 

 
  • Security policy - This provides management direction and support for information security

  • Organisation of assets and resources - To help you manage information security within the organisation

  • Asset classification and control - To help you identify your assets and appropriately protect them

  • Personnel security - To reduce the risks of human error, theft, fraud or misuse of facilities

  • Physical and environmental security - To prevent unauthorised access, damage and interference to business premises and information

  • Communications and operations management - To ensure the correct and secure operation of information processing facilities

  • Access control - To control access to information

  • Systems development and maintenance - To ensure that security is built into information systems

  • Business continuity management - To counteract interruptions to business activities and to protect critical business processes from the effects of major failures or disasters

  • Compliance - To avoid breaches of any criminal and civil law, statutory, regulatory or contractual obligations, and any security requirement

 

Information Security Management Systems (ISMS) standards in detail

An organisation using BS 7799 ISO/IEC 27001 as the basis for its ISMS can become registered by BSI, thus demonstrating to stakeholders that the ISMS meets the requirements of the standard.

 

Secure your information - protect your assets

Find out how CambiNet are helping organisations to protect and retain their information and Intellectual Property - as well as helping them to better protect their future.

 

Policy Awareness Training Centre - The perfect solution for security policy training

Find out how our clients are using our policy awareness training centre as the perfect solution for IT security policy awareness training for standards such as ISO/IEC 27001 and ISO/IEC 27002.

 

Further security policy information

For further information about how CambiNet can help you with security standards such as:

BS7799 ISO/IEC:27001:2005 ISO/IEC:27002

Please contact us.