ISO 17799: "Best Practices" in Information Security Management?

ISO 17799: "Best Practices" in Information Security Management?

To protect the information assets of organizations, many different standards and guidelines have been proposed. Among them, International standard ISO 17799 is one of the most prominent international efforts on information security. This standard provides both an authoritative statement on information security and the procedures to be adopted by organizations to ensure information security. Sec...

Information Security governance: COBIT or ISO 17799 or both?

This paper investigates the coexistence of and complementary use of COBIT and ISO 17799 as reference frameworks for Information Security governance. The investigation is based on a mapping between COBIT and ISO 17799 which became available in 2004, and provides a level of 'synchronization' between these two frameworks.

Practical implementation of an ISO 17799- compliant information security management system using a novel ASD method

This paper discusses the practical implementation of the Agile Security Development (ASD framework and presents a case study that reviews the process of building an information security management system utilizing the framework. The case study reveals the action steps for a small and medium-sized organization to utilize the method. The ASD framework and its output is fully ISO/IEC17799 complian...

Navigating the Information Security Landscape: Mapping the Relationship Between ISO 15408: 1999 and ISO 17799: 2000

It is crucial for corporations operating in a multinational economy to have a seamless understanding of the security process. For information assurance, ISO 15408:1999 (i.e. Common Criteria) and ISO 17799:2000 are the key standards, both of which are needed for implementing a global approach to security. They provide a definition of the necessary elements of the process as well as the basis for...

Business Continuity Planning beyond ISO 17799 GIAC Security Essentials