
| Subject: | [CISSP-D] New ISO 17799 Version Published |
|---|---|
| Date: | Fri, 17 Jun 2005 12:38:54 -0000 |

Just a heads up that a new version of this security standard has this week been published. The following has just been issued by the 17799 Newsletter:

The official revision of ISO/IEC 17799 is now available (June 2005). This new version has been in process for several years, and introduces a number of significant changes to ISO 17799. The old version, originally published in December 2000, has been withdrawn with immediate effect.

The new standard now contains 11 'core' chapters, as opposed to 10, with existing chapters being renamed and re-organized. The new chapter format is as follows:

1) Security Policy
2) Organizing Information Security
3) Asset Management
4) Human Resources Security
5) Physical and Environmental Security
6) Communications and Operations Management
7) Access Control
8) Information Systems Acquisition, Development and Maintenance
9) Information Security Incident Management
10) Business Continuity Management
11) Compliance

The new version of the standard also introduces controls to address a range of issues not previously covered. These include topics such as outsourcing provision and patch management. Equally, other areas have been substantially extended or re-shaped, such as employment termination, and mobile/distributed communication.

In addition to the content itself, several steps have also been taken to enhance the "user friendliness" of the standard. The standard has also been normalized to position itself to sit more comfortably alongside related security standards in the future.

OFFICIAL SOURCES

The following official outlet (BSI) has been updated to provide copies of the new standard (as opposed to the old): http://www.standardsdirect.org/iso17799.htm

The ISO 17799 Toolkit, the standard's support and starter kit, has also been updated to include the new version: http://www.17799-toolkit.com

MODERATOR NOTE: Also take a look at http://www.cccure.org main page; the top story on the main page has a great link to a PowerPoint presentation that has all of the details of what was introduced and removed.

For further information see the ISO 17799 Newsletter archive site at: http://17799-news.the-hamster.com