BS 7799
from Wikipedia

BS 7799 was a British standard "Code of Practice for Information Security Management", first published as such by the British Standards Institution (BSI) in February 1995.

Subsequently, two further parts to BS 7799 were also published (the first becoming BS 7799 Part 1), by which time BSI had become BSI Group.

The original BS 7799 outlined a structured approach to the management of information security but was primarily a description of some 127 information security controls in 10 sections or categories. Each control was designed to address a specified control objective.

Some of the controls considered particularly important at the time were identified as 'key controls' indicated with a key icon in the margin.[1] Following pushback from the user and academic communities, however, the 'key control' concept was dropped when BS 7799 was revised in 1998. Users were encouraged to determine their own risks and objectives in order to select whichever controls were appropriate to their needs - a more fundamental and flexible approach applicable to organisations of all types, sizes and industries.

After a lengthy discussion by standards bodies through ISO/IEC, BS 7799-1 was eventually fast-tracked and adopted as ISO/IEC 17799, "Information Technology - Code of practice for information security management." in 2000. ISO/IEC 17799 was revised in June 2005, and renumbered ISO/IEC 27002 in July 2007 when it was incorporated into the growing ISO/IEC 27000 family of standards.

BS 7799 Part 2 "Information Security Management Systems - Specification with guidance for use." was first published by BSI Group in 1999 as a formal specification supporting conformity assessment and certification. BS 7799-2 explained how to design and implement an information security management system (ISMS) - a systematic approach to the governance and management of information security within an organisation. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) (Deming cycle), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO/IEC as ISO/IEC 27001 in November 2005.

BS 7799 Part 3 "Information security management systems - Guidelines for information security risk management" was first published by BSI Group in 2005. BS 7799-3 focuses on the identification, analysis, treatment and monitoring of information risks. It was adapted and adopted by ISO/IEC as ISO/IEC 27005 in 2008. Meanwhile, BS 7799-3 continues to evolve in parallel. It was revised in 2017 and a project was proposed in 2023 to simplify the guidance specifically for smaller organisations.[2]

from Grokipedia
BS 7799 is a British Standard developed by the British Standards Institution (BSI) that outlines a systematic framework for managing information security risks within organizations, focusing on the establishment, implementation, maintenance, and continual improvement of an Information Security Management System (ISMS). First published in 1995 as the world's inaugural standard dedicated to information security management, it emphasizes a risk-based approach to protect the confidentiality, integrity, and availability of information assets. The standard was structured into two main parts: BS 7799-1, a code of practice providing detailed guidance on security controls across 11 domains (such as access control, cryptography, and physical security), and BS 7799-2, a specification for certifiable ISMS requirements that enabled organizations to undergo independent audits for compliance. BS 7799 underwent significant revisions, including a major update in 1999 that enhanced its applicability to diverse sectors. BS 7799 played a pivotal role in the internationalization of information security management standards, with BS 7799-1 adopted as ISO/IEC 17799 in 2000 (later revised and renumbered as ISO/IEC 27002 in 2005 and 2013) and BS 7799-2 evolving into the globally recognized ISO/IEC 27001 in 2005. This transition marked the end of BS 7799 as a standalone standard, though its foundational principles continue to underpin modern ISMS frameworks, promoting best practices for , policy development, and incident response. By 2005, organizations certified under BS 7799-2 were required to migrate to ISO/IEC 27001, ensuring alignment with international norms.

History and Development

Origins and Initial Publication

The development of BS 7799 began in the early 1990s, derived from a standard donated by Shell to a initiative, and was formalized by the British Standards Institution (BSI) in collaboration with the UK's Department of Trade and Industry (DTI) in 1995, responding to the increasing demand from industry, , and businesses for a standardized framework to manage information security risks. This effort was driven by the early surge in cyber threats, such as unauthorized access and data breaches, alongside heightened data protection concerns under evolving regulations like the Data Protection Act 1984, which underscored the need for systematic information security practices in an increasingly digital business environment. The first part of the standard, BS 7799-1, was published on February 15, 1995, as a code of practice for information security management systems (ISMS). Titled "Information security management - Code of practice for information security management systems," it provided non-certifiable guidance on best practices, emphasizing a proactive approach to protecting information assets without mandating formal audits or compliance verification. The initial scope encompassed 10 key security management domains, including security policy, organisational security, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems acquisition, development and maintenance, business continuity management, and compliance. Building on this foundation, BS 7799-2 was introduced on February 15, 1998, as the certifiable specification for implementing an ISMS. Titled "Information security management - Specification for information security management systems," it enabled organizations to demonstrate conformance through third-party certification, marking a shift toward auditable implementation of the controls outlined in Part 1. This dual-structure approach established BS 7799 as a pioneering standard for integrating security into organizational processes.

Revisions and Evolution

Following its initial publication in 1995, BS 7799 underwent iterative revisions to enhance its applicability and robustness in information security management. In 1998, the standard was divided into two distinct parts: BS 7799-1, serving as a code of practice, and BS 7799-2, providing a specification for information security management systems (ISMS). The subsequent 1999 revision of BS 7799-1 expanded the framework to encompass 11 control areas—covering aspects such as security policy, asset management, access control, and compliance—while introducing more detailed guidelines on risk assessment and management to support systematic identification and mitigation of security threats. The 2000 revision of BS 7799-1 further refined these elements by incorporating feedback from early adopters, which led to increased emphasis on legal compliance requirements and as integral components of the control framework. Meanwhile, BS 7799-2 was revised in 2002 to integrate the Plan-Do-Check-Act (PDCA) cycle, a process model that facilitates continual improvement of the ISMS by structuring activities into planning, implementation, monitoring, and review phases. This period of evolution was marked by growing international interest in BS 7799 during the late 1990s, prompting the British Standards Institution (BSI) to collaborate with the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) on harmonizing the standard for broader global relevance.

Structure of the Standard

BS 7799-1: Code of Practice

BS 7799-1 serves as a foundational code of practice for information security management, offering detailed guidelines to help organizations implement effective controls for protecting information assets against a wide range of threats. Originally published by the British Standards Institution (BSI) in 1995 and revised in 1999 and 2000, it emphasizes best practices that promote the confidentiality, integrity, and availability of information without imposing mandatory requirements or certification processes. This non-certifiable framework acts as a reference for self-assessment and the development of tailored security policies, enabling organizations to build confidence in their inter-organizational dealings and comply with relevant laws and regulations. The standard structures its recommendations around 10 management domains, which collectively outline 127 security controls designed to address specific objectives. These domains cover essential areas such as:
  • Organizational security
  • Asset classification and control
  • Personnel security
  • Physical and environmental security
  • Communications and operations management
  • Systems development and maintenance
  • Business continuity management
  • Compliance
Each control provides practical guidance, including examples and considerations that can be adapted to the size, complexity, and sector of an organisation, ensuring flexibility for small businesses as well as large enterprises. A key element of BS 7799-1 is its guidance on risk analysis methods, which form the basis for selecting and prioritizing controls. This involves systematically identifying potential threats to information assets, assessing vulnerabilities, and evaluating the likely impacts of security failures on operations. Organizations are advised to conduct initial high-level risk assessments followed by more detailed reviews, balancing the cost of controls against the risks they mitigate, and performing periodic updates to account for evolving threats and organisational changes. These methods support self-assessment rather than external audits, allowing entities to proactively manage risk without formal certification. In contrast to BS 7799-2, which outlines certifiable requirements for establishing an Information Security Management System (ISMS), BS 7799-1 concentrates on advisory best practices detailing what actions organizations should take to secure information assets, serving as a complementary resource for practical application.

BS 7799-2: Specification for ISMS

BS 7799-2, titled "Information security management systems - Specification with guidance for use," provides the certifiable requirements for establishing, implementing, maintaining, and improving an Information Security Management System (ISMS). First published in February 1998 by the British Standards Institution (BSI), it was revised in May 1999 and again in 2002 to enhance its structure. The 2002 edition, effective from September 5, introduced a process-oriented approach aligned with standards such as BS EN ISO 9001:2000, facilitating integration with other management systems like those for environmental management under BS EN ISO 14001:1996. The core requirements of BS 7799-2 center on a systematic framework using the Plan-Do-Check-Act (PDCA) model to ensure continual improvement of the ISMS. In the Plan phase, organizations must define the ISMS scope based on business context, locations, assets, and technologies involved; develop an information security policy; conduct risk assessments to identify assets, threats, vulnerabilities, and potential impacts; and select appropriate controls to address identified risks, drawing from the guidelines in BS 7799-1. The Do phase involves implementing and operating the ISMS, including applying the selected controls and allocating necessary resources. During the Check phase, organizations monitor, measure, and review the ISMS's performance through internal audits, management reviews, and analysis of security incidents. Finally, the Act phase focuses on taking corrective and preventive actions to maintain suitability, adequacy, and effectiveness, thereby driving continual improvement. A key process in BS 7799-2 is the preparation of the Statement of Applicability (SoA), which documents the security controls selected from BS 7799-1, justifies their implementation based on risk assessment results, and explains any exclusions with evidence that such omissions do not compromise the organization's information security.
The SoA serves as a critical artifact for demonstrating how risks are managed and must be approved by top management. BS 7799-2 emphasizes auditable conformance to enable third-party certification, requiring demonstrable management commitment through policy approval, resource provision, and regular reviews of residual risks. Internal audits are mandatory to evaluate ISMS effectiveness, identify nonconformities, and ensure compliance with the standard's requirements, with results feeding into management reviews for ongoing enhancements. Certification audits assess adherence to these elements, confirming that the ISMS scope covers relevant organizational parts without unjustified exclusions that could affect security objectives.

Key Components and Principles

Information Security Management System (ISMS)

The Information Security Management System (ISMS) forms the core framework of BS 7799, providing a structured methodology for organizations to manage sensitive information securely across all assets. It encompasses people, processes, and IT systems to establish, implement, maintain, and continually improve information security practices. This systematic approach ensures that security is addressed proactively rather than reactively, adapting to evolving threats and organizational needs. The primary objectives of the ISMS under BS 7799 are to preserve the confidentiality, integrity, and availability of information—collectively referred to as the CIA triad—applied consistently at an organization-wide level. Confidentiality protects information from unauthorized access, integrity safeguards its accuracy and completeness, and availability ensures timely access for authorized users. These objectives guide the development of security policies that support business operations while mitigating risks to critical data. Integration of the ISMS into business processes requires alignment with the organization's overall strategy, emphasizing top management involvement to demonstrate commitment. This includes defining clear roles, allocating necessary resources such as personnel and , and embedding security considerations into . By doing so, the ISMS becomes a seamless part of , enhancing resilience without hindering operational efficiency. A key element of the ISMS is the creation of risk treatment plans derived from comprehensive risk assessments, which identify potential threats and vulnerabilities to information assets. These plans specify security measures that are proportionate to the level of risk, balancing protection needs with practical feasibility. The process supports ongoing monitoring and adjustment to maintain effective security. The ISMS implementation in BS 7799-2 utilizes the Plan-Do-Check-Act (PDCA) cycle to facilitate this cyclical improvement.

Security Controls Framework

The Security Controls Framework in BS 7799-1:2000 provides a comprehensive set of best practices for implementing information security measures, organized into 10 domains that address various aspects of organizational security. These domains encompass 36 control objectives and 127 specific controls, designed to mitigate risks to information assets through structured guidelines. The domains are as follows:
  • Security Policy: Establishes management's commitment and direction for information security.
  • Organizational Security: Defines roles, responsibilities, and coordination for governance.
  • Asset Classification and Control: Identifies and protects assets based on their sensitivity and value.
  • Personnel Security: Addresses risks from staff recruitment, training, and termination.
  • Physical and Environmental Security: Secures facilities, equipment, and environments against unauthorized access and hazards.
  • Communications and Operations Management: Ensures secure operations, including incident response and media handling.
  • Access Control: Manages user access to systems and data to prevent unauthorized use.
  • Systems Development and Maintenance: Incorporates security into development and maintenance processes.
  • Business Continuity Management: Plans for maintaining critical operations during disruptions.
  • Compliance: Ensures adherence to legal, regulatory, and internal requirements.
Within the Access Control domain, representative controls include user authentication mechanisms to verify identities for external connections and privilege management to allocate minimal necessary access rights, thereby limiting potential damage from misuse. Controls are selected and implemented based on an organization's risk assessment, allowing customization to specific threats and vulnerabilities rather than mandatory adoption of all 127. The Statement of Applicability (SoA) documents this process, justifying inclusions, implementations, and any exclusions with references to the risk assessment. This framework is scalable to organizations of varying sizes, emphasizing a balanced mix of preventive controls (e.g., access restrictions), detective controls (e.g., monitoring for incidents), and corrective controls (e.g., response procedures) to achieve effective security without excessive overhead.
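The risk analysis guidance in BS 7799-1, the Plan-phase steps and Statement of Applicability in BS 7799-2, and the risk-based control selection described in this section all amount to one procedure: score each risk, treat the ones above an agreed threshold, and record for every catalogue control whether it is selected (and which risks justify it) or excluded (and why). The following is an added illustration of that procedure in Python; it is not code from BSI, Wikipedia or Grokipedia. The control identifiers, domain names, qualitative scales, threshold and sample risk register are all constructed for this example and are not the standard's own numbering.

```python
"""Added illustration (not code from BSI, Wikipedia or Grokipedia): a minimal
risk assessment feeding a Statement of Applicability (SoA), following the
Plan-phase steps BS 7799-2 describes. Control identifiers, domain names and
the sample risk register are constructed for this example."""
from __future__ import annotations
from dataclasses import dataclass

# Constructed qualitative scales; BS 7799 leaves the method to the organisation.
LIKELIHOOD = {"low": 1, "medium": 2, "high": 3}
IMPACT = {"low": 1, "medium": 2, "high": 3}
RISK_THRESHOLD = 4  # constructed: a risk scoring at or above this needs treatment


@dataclass
class Risk:
    asset: str
    threat: str
    vulnerability: str
    likelihood: str
    impact: str
    mitigating_controls: list[str]  # catalogue identifiers this risk relies on

    def score(self) -> int:
        """Likelihood x impact, the usual qualitative risk product."""
        return LIKELIHOOD[self.likelihood] * IMPACT[self.impact]


# Hypothetical control catalogue: identifier -> (domain, control title).
# These identifiers are NOT the standard's own numbering.
CONTROLS = {
    "AC-1": ("Access Control", "User authentication for external connections"),
    "AC-2": ("Access Control", "Privilege management (least necessary rights)"),
    "PE-1": ("Physical and Environmental Security", "Secure areas and entry controls"),
    "BC-1": ("Business Continuity Management", "Continuity planning and testing"),
    "OP-1": ("Communications and Operations Management", "Security incident response"),
}

# Constructed sample risk register for one small organisation.
SAMPLE_RISKS = [
    Risk("customer database", "external attacker", "no MFA on remote access",
         "high", "high", ["AC-1", "AC-2"]),
    Risk("payroll server", "insider", "shared administrator accounts",
         "medium", "high", ["AC-2"]),
    Risk("server room", "flood", "below ground level",
         "low", "high", ["PE-1", "BC-1"]),
    Risk("email gateway", "malware", "outdated filtering",
         "high", "medium", ["OP-1"]),
    Risk("laptops", "theft", "unencrypted disks",
         "medium", "medium", ["CR-1"]),  # CR-1 is not in the catalogue
]


def assess(risks: list[Risk]) -> list[Risk]:
    """Risks at or above the treatment threshold, highest score first."""
    return sorted((r for r in risks if r.score() >= RISK_THRESHOLD),
                  key=lambda r: -r.score())


def build_soa(risks: list[Risk], controls=CONTROLS) -> dict:
    """For every catalogue control, record whether it is selected and why.
    A control is selected when at least one treated risk relies on it;
    otherwise it is excluded with the reason recorded, as the SoA requires."""
    treated = assess(risks)
    soa = {}
    for cid, (domain, title) in controls.items():
        justification = [f"{r.asset}: {r.threat} (score {r.score()})"
                         for r in treated if cid in r.mitigating_controls]
        soa[cid] = {
            "domain": domain,
            "title": title,
            "selected": bool(justification),
            "justification": justification or
                ["no risk at or above threshold relies on this control"],
        }
    return soa


def residual_gaps(risks: list[Risk], soa: dict) -> list[Risk]:
    """Treated risks that cite no selected control: findings for management review."""
    return [r for r in assess(risks)
            if not any(soa.get(c, {}).get("selected") for c in r.mitigating_controls)]


if __name__ == "__main__":
    soa = build_soa(SAMPLE_RISKS)
    for cid, entry in soa.items():
        state = "SELECTED" if entry["selected"] else "EXCLUDED"
        print(f"{cid} [{entry['domain']}] {entry['title']}: {state}")
        for line in entry["justification"]:
            print(f"    - {line}")
    for r in residual_gaps(SAMPLE_RISKS, soa):
        print(f"GAP: {r.asset} ({r.threat}) has no selected control")
```

Run as a script, the output lists the physical and continuity controls as excluded (the flood risk scores below the threshold), and flags the laptop risk as a gap because it relies on a control the catalogue does not contain. That last case is the point an assessor would probe: a treated risk with no selected control is exactly the "unjustified exclusion" the certification audit looks for, and the `residual_gaps` list is what would feed the management review.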

Relation to International Standards

Adoption as ISO/IEC 17799

In December 2000, the British Standards Institution (BSI) successfully submitted BS 7799-1 for adoption by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) Joint Technical Committee 1, Subcommittee 27 (JTC1/SC27), resulting in its renaming and publication as ISO/IEC 17799:2000, a code of practice for information security management. This adoption marked the first internationalization of the BS 7799 framework, transforming a UK-specific standard into a globally recognized guideline. The adoption process utilized a fast-track procedure outlined in the ISO/IEC Directives, Part 3, where BSI's submission underwent review and voting by national standards bodies, achieving the required 75% approval for publication on , 2000. Minor editorial adjustments were made to enhance global applicability, such as aligning terminology and formatting for international audiences, while preserving the core structure and retaining all 127 controls originally defined in BS 7799-1:1999. These controls, organized across 10 domains including , , and , provided a comprehensive set of best practices without substantive alterations to their content or intent. The first edition of ISO/IEC 17799:2000 was identical in substantive content to BS 7799-1:2000, differing primarily in its endorsement by ISO and IEC, which extended its authority beyond the UK to an international level. This equivalence ensured seamless continuity for organizations already using the British standard while broadening its reach. The impact of this adoption was significant, enabling consistent worldwide implementation of information security practices without the need for national adaptations or variations, thereby promoting uniformity in global information security efforts.

Transition to ISO/IEC 27001

The transition from BS 7799-2 to ISO/IEC 27001 marked a pivotal step in globalizing the framework, with ISO/IEC 27001:2005 published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). This new standard was directly based on the 2002 edition of BS 7799-2, adapting its core specification for an Information Security Management System (ISMS) while introducing enhanced requirements for certification. Unlike the earlier code of practice in BS 7799-1, ISO/IEC 27001 provided a certifiable model that emphasized establishing, implementing, operating, monitoring, reviewing, maintaining, and improving an ISMS through a structured process approach, building on the Plan-Do-Check-Act (PDCA) cycle from BS 7799-2. Key changes in ISO/IEC 27001:2005 included the incorporation of Annex A, which referenced 133 controls drawn from the revised ISO/IEC 17799:2005, an expansion from the 127 controls in the 2000 edition of ISO/IEC 17799 (formerly aligned with BS 7799-1). This alignment ensured consistency between the ISMS specification and the supporting code of practice, shifting focus from prescriptive rules to a more flexible, risk-based process orientation that allowed organizations greater adaptability in control implementation. The standard's normative annex required organizations to produce a Statement of Applicability to justify the selection and exclusion of controls, promoting tailored control selection over rigid compliance. Following the publication of ISO/IEC 27001:2005, the British Standards Institution (BSI) withdrew BS 7799-2, ceasing its support for new certifications under the British standard. BSI explicitly recommended that organizations migrate to ISO/IEC 27001 for both initial and renewal certifications, facilitating a seamless shift to the international equivalent and ensuring continued global recognition of ISMS compliance. This withdrawal underscored the standard's evolution from a national to an international benchmark, with existing BS 7799-2 certificates honored during a transitional period but encouraged to convert promptly.
To support this integration, ISO/IEC 17799 was revised in June 2005 specifically to complement ISO/IEC 27001, providing detailed guidance on the Annex A controls. This harmonized revision was later renumbered without technical changes as ISO/IEC 27002:2007 (effective from July 2007), aligning it within the broader ISO/IEC 27000 series for information security management.

and

Certification Process

The certification process for BS 7799 focused on verifying an organization's compliance with BS 7799-2, the specification for establishing, implementing, and documenting an Information Security Management System (ISMS). Organizations seeking certification typically initiated the process with a gap analysis, conducted internally or by external consultants, to evaluate existing practices against the standard's 127 controls across 10 domains and identify areas requiring improvement. Following the gap analysis, the ISMS was designed, encompassing the definition of scope, development of a security policy, risk assessment, selection of applicable controls, and preparation of a Statement of Applicability (SoA) to justify inclusions and exclusions from the controls framework. Implementation then proceeded, involving the deployment of selected controls, employee training on security responsibilities and threats, establishment of procedures for ongoing operations, and integration of monitoring mechanisms and management review processes to ensure continual suitability and effectiveness. The formal certification assessment was performed by a third-party body accredited by the United Kingdom Accreditation Service (UKAS), such as the British Standards Institution (BSI), to confirm adherence to BS 7799-2 requirements. This audit comprised two stages: Stage 1, a preliminary document review to assess the ISMS's readiness, scope, and alignment; and Stage 2, a comprehensive on-site audit to validate the risk assessment, operational controls, internal audits, and management reviews. Successful completion of the Stage 2 audit resulted in certification issuance, valid for three years, with mandatory annual surveillance audits by the accredited body to monitor sustained compliance, alongside the organization's required internal audits and periodic management reviews. The first certifications under BS 7799-1 were self-declared following its 1995 publication as a code of practice, while full third-party certifications for BS 7799-2 commenced in 1999 after the standard's release as a certifiable specification.

Practical Application and Benefits

BS 7799 found widespread practical application in the United Kingdom's public and private sectors during its active period, particularly within government bodies, the financial industry, and information technology services. Local government entities and organizations like the National Health Service (NHS) adopted the standard to establish structured information security management systems (ISMS) aligned with national policies on data protection and operational resilience. In the finance sector, banks and insurance firms implemented BS 7799 to meet regulatory requirements, such as those under the Bank for International Settlements (BIS) and Basle II frameworks, enhancing compliance in e-banking environments where sensitive customer data required robust controls. Early adopters in IT outsourcing and infrastructure providers, including firms supporting banking operations, used the standard's security controls framework to demonstrate reliability to clients and mitigate operational risks. The benefits of applying BS 7799 were multifaceted, primarily revolving around enhanced information security and organizational trust. Organizations reported improved identification and mitigation of risks through systematic assessments, leading to fewer incidents and associated disruptions. This preventive approach not only bolstered stakeholder confidence—particularly among customers and partners in regulated sectors like finance—but also yielded cost savings by reducing the financial impact of breaches and streamlining processes. For instance, certified entities noted heightened employee awareness and commitment to information security, fostering a proactive culture that supported long-term resilience. Despite these advantages, implementing BS 7799 presented notable challenges, especially for small and medium-sized enterprises (SMEs).
High initial costs for conducting assessments, developing policies, and training staff often deterred smaller organizations, as the standard's comprehensive requirements demanded significant resources disproportionate to their scale. The complexity of performing thorough evaluations, including asset identification and risk analysis, further complicated adoption, requiring specialized expertise that many SMEs lacked. Additionally, achieving cultural change proved difficult, as embedding security practices necessitated shifting employee behaviors and overcoming resistance to new protocols across the organization. By 2005, over 1,000 BS 7799 certifications had been achieved worldwide, with the majority concentrated in Europe, particularly the UK, reflecting its strong uptake in key sectors during the standard's peak influence.

Legacy and Current Status

Withdrawal of the Standard

The British Standards Institution (BSI) withdrew BS 7799-2:2002 on 18 October 2005, shortly after the publication of ISO/IEC 27001:2005, which effectively superseded the UK-specific certification standard and led to no further updates or maintenance of BS 7799 as a distinct national framework. BS 7799-1, the code of practice component, had been aligned with international efforts earlier but was similarly phased out in favor of the global standard. The primary reasons for the withdrawal were to eliminate duplication between the British standard and its international counterpart, as ISO/IEC 27001 was directly derived from BS 7799, and to enable BSI to focus on promoting and supporting the broader adoption of ISO standards worldwide. To facilitate the shift, BSI issued guidance materials, including detailed mapping documents that outlined differences and correspondences between the requirements of BS 7799-2:2002 and ISO/IEC 27001:2005, assisting organizations in updating their information security management systems (ISMS) with minimal disruption. These resources supported a structured migration process, allowing certified entities to transition to ISO/IEC 27001 compliance while maintaining continuity in security practices.

Ongoing Influence

Although formally withdrawn following its adoption into the ISO/IEC 27001 standard in 2005, BS 7799 continues to exert a profound legacy as the foundational framework for the ISO 27000 family of information security standards. Originating in 1995 from the British Standards Institution, BS 7799 introduced systematic approaches to information security management that directly informed the structure and principles of ISO 27001, including the establishment of an Information Security Management System (ISMS). This evolution positioned BS 7799's core elements—such as comprehensive security controls and organizational governance—as enduring pillars in global cybersecurity practices. The concepts pioneered by BS 7799, particularly the ISMS and risk-based controls, remain integral to contemporary cybersecurity frameworks. These elements enable organizations to identify, assess, and mitigate information risks in a structured manner, forming the basis for ongoing compliance and resilience strategies worldwide. In historical compliance contexts, BS 7799 is frequently referenced as a benchmark for understanding the development of modern standards, highlighting its role in shaping methodologies that prioritize and threat response. BS 7799's principles have indirectly influenced broader regulatory landscapes, including the European Union's General Data Protection Regulation (GDPR) and the U.S. National Institute of Standards and Technology (NIST) Cybersecurity Framework. Through its lineage in ISO 27001, BS 7799 supports GDPR compliance by providing risk assessment tools that align with data protection requirements, while mappings between ISO 27001 and NIST enable integrated security implementations. Recent updates to ISO 27001, such as the 2022 edition, build indirectly on BS 7799's original domains by refining risk treatment and control objectives that trace back to its specifications. 
Organizations certified under ISO/IEC 27001:2013 were required to transition to the 2022 edition by 31 October 2025, ensuring continued alignment with evolving global standards derived from BS 7799. Furthermore, BS 7799-3:2017, updated in 2017, was withdrawn on 27 January 2023. However, a revision project initiated in August 2023 aims to align it with BS EN ISO/IEC 27001:2023 (the UK adoption of ISO/IEC 27001:2022), providing specialized guidance for information security risk management, particularly for small and medium-sized enterprises. As of November 2025, the revision remains in draft.
