
[CISSP-D] ISO 27001 Final Draft Published

Subject: [CISSP-D] ISO 27001 Final Draft Published
Date: Wed, 06 Jul 2005 21:38:18 -0000
I know that Clement broke the news on his portal the other day with
an extract from it, but the full ISO 17799 Newsletter detailing this 
development has now been published.

For information I am reproducing below (permission has been granted
by the authors). I hope it's of interest:


ISO 17799 NEWSLETTER: SPECIAL EDITION

Significant changes to major standards are rare and infrequent, to
say the least. Two such changes to closely related standards even more
so. However, this scenario has recently occurred with respect to the 
information security standards. Hence we find ourselves issuing a 
second special edition of the ISO 17799 newsletter, within three 
weeks, for which we apologise.

Following hot on the heels of the publication of ISO 17799 2005, the 
final draft of ISO 27001 has now been produced. 


WHAT IS ISO 27001?

ISO 27001 is the replacement for BS7799. This in turn is the 'sister 
publication' for ISO 17799. Whereas ISO 17799 is a 'code of
practice', describing individual controls for potential 
implementation, BS7799 outlines the requirements for an Information 
Security Management System. In other words, it sets out a system for 
the management of information security, within which the controls 
described within ISO 17799 may be selected. 

BS7799 is in fact the part of the standard set against which 
certification is granted. This mantle will be passed to ISO 27001
upon final publication. 

The new (draft) version has incorporated a number of significant 
changes. It further 'harmonizes' the approach with other management 
standards, such as ISO 9001, and builds further upon the PDCA model 
(Plan-Do-Check-Act). However, the main driver in terms of timing
seems to have been the urgent need for re-alignment with the new 
version of ISO 17799 (2005) as opposed to the old version (2000).


WHY A 'DRAFT' VERSION?

BS7799 was submitted for 'fast track' to become an ISO standard some 
time ago. Even this process though is lengthy, requiring due process 
and consultation. It has now passed all the key voting stages, 
however, and final publication is expected later this year.

This of course presents something of a dilemma. BS7799 is not aligned 
properly with the current 2005 version of ISO 17799. 

To address this, SNV (the Swiss national standards body) and BSI have 
offered a free upgrade to the final version, to those who purchase
the draft version from their respective online shops (see below). 
This enables organizations to work with the final draft (known as the FDIS 
version), without having to re-purchase to obtain the copy with any 
i's dotted, and t's crossed. 


WHY 27001?
Major topic based standards tend to be grouped together in terms of a 
series. Typical of this is the ISO 9000 series (quality management) 
and the ISO 14000 series (environmental management). 27000 has been 
earmarked for the information security management series. 

The first publication within this series is of course 27001. However, 
it is envisaged that eventually ISO 17799 will be renumbered as ISO 
27002. A new document, for security measurement and metrics, is being 
produced for potential publication as ISO 27004. 


OFFICIAL SOURCES

SNV: The Swiss national standards body, SNV, offer ISO 27001 FDIS
from the following site: 
http://www.standards-online.net/InformationSecurityStandard.htm

BSI: Through the StandardsDirect outlet, BSI offer the draft standard 
from the following page: 
http://www.standardsdirect.org/iso27001.htm

A special version of the ISO 17799 Toolkit, the standard's support
and starter kit, which includes the new standard (draft), is available
via both these sites.

Both the above versions are currently in the English language only.



DISCUSS THESE DEVELOPMENTS

ISO 17799 and ISO 27001 can be openly discussed on the public forum 
provided by the International ISO 17799 User Group: 
http://www.17799.com

There is a second public forum, via Yahoo, available from the 
following site: 
http://www.27001-online.com



For further information see the ISO 17799 Newsletter archive site at: 
http://17799-news.the-hamster.com 
