BS 7799
BS 7799 was a standard originally published by BSI Group (BSI) in 1995. It was written by the United Kingdom Government's Department of Trade and Industry (DTI), and consisted of several parts.

The first part, containing the best practices for Information Security Management, was revised in 1998; after a lengthy discussion in the worldwide standards bodies, it was eventually adopted by ISO as ISO/IEC 17799, "Information Technology - Code of practice for information security management", in 2000. ISO/IEC 17799 was then revised in June 2005 and finally incorporated in the ISO 27000 series of standards as ISO/IEC 27002 in July 2007.

The second part of BS 7799 was first published by BSI in 1999, known as BS 7799 Part 2, titled "Information Security Management Systems - Specification with guidance for use." BS 7799-2 focused on how to implement an information security management system (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (the Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.

BS 7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001.

See also

  • Cyber security standards
  • ISO/IEC 27000-series
  • ISO/IEC 27001
  • ISO/IEC 27002 (formerly ISO/IEC 17799)

The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.