BS7799-3 is Born


Sue Thomas

Mar 16, 2006, 7:47:25 AM3/16/06
to ISO-27001
It was published this morning (16th March 2006). Titled "Guidelines for
Information Security Risk Management", it is designed to support the
general ISMS standard, ISO 27001, and the CoP, ISO17799, which were
published in 2005.

Whilst 27001 covers all aspects of an ISMS, BS7799-3 focuses upon risk
only:
- assessment/eval of risks
- implementation of controls to address them
- review
- maintenance of the overall control system.

The document itself is organized as follows:
1. Scope
2. Normative references
3. Terms/definitions
4. IS risks in the organisation's context
5. Risk assessment/analysis
6. Risk treatment and management decision making
7. Ongoing risk management


The new standard is now available from the usual BSI store, 'Standards
Direct':
http://17799.standardsdirect.org/bs7799.htm

Or as part of a special edition of the ISO17799 Toolkit:
http://www.27005.net


For further information on BS7799, the following reference site may
assist:
http://www.thewindow.to/bs7799/


I hope this helps.

Sue
The ISO 17799 Newsletter
http://17799-news.the-hamster.com
