2025-01-14 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
In the field of information security, you will often hear the three names listed in the title. What is the relationship between these three standards? To clear up the confusion, I checked the relevant information and sorted it out. I hope it will be helpful to you.
1. Introduction to the standards organizations
BSI: British Standards Institution
ISO: International Organization for Standardization
IEC: International Electrotechnical Commission
2. The relationship between the standards
BS7799 is a standard developed by BSI for information security management, which began in 1995. BS7799 is divided into two parts:
The first part, called the Code of Practice for Information Security Management, was adopted as ISO/IEC 17799 in 2000. At present, its latest version is the 2005 version, which is commonly known as ISO 17799:2005.
The latest revised version of the second part (Specification for Information Security Management) officially became ISO27001 in October 2005.
3. Introduction to the standard
The first part, adopted as ISO/IEC 17799 in 2000, is the Code of Practice for Information Security Management. The latest version in 2005 covers all aspects of information security management:
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communication and operations management
Access control
Information systems acquisition, development and maintenance
Information security incident management
Business continuity management
Compliance
BS 7799 is organized hierarchically: 11 security control chapters (security policy, organization of information security, asset management, human resources security and so on), 39 major security categories and 133 specific control measures (best practices). The personnel responsible for developing an information security system can use it as a reference to standardize the content of the organization's information security management.
The second part, which officially became ISO27001 in October 2005, is the Specification for Information Security Management Systems, a set of requirements for establishing an information security management system (ISMS). It describes in detail the requirements for establishing, implementing and maintaining an ISMS, and can be used to guide relevant personnel in applying ISO 17799. Its ultimate goal is to establish an ISMS that meets the needs of the enterprise.
4. Development direction
BS 7799-3, "Information security management systems - Guidelines for information security risk management", is a new British Standard due for release in December 2005.
In the future, the new ISO27000 series security standard will be composed of five parts:
ISO 27000 will formally define the specific technical vocabulary used in these standards;
ISO 27001 will be the ISO version of BS 7799-2, the certification standard (due for full release in November 2005, already available as a final draft);
ISO 27002 will be the renamed and updated version of ISO 17799:2005 (to be released in 2006 or 2007);
ISO 27003 will contain guidance for those implementing the ISO 27000-series standards;
ISO 27004 will be a new Information Security Management Metrics and Measurement standard to help measure the effectiveness of information security management system implementations (currently in draft);
ISO 27005 will be the ISO version of BS 7799-3.