Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Sue Thomas
March 16, 2006, 12:44 pm
rate this thread
morning. This is officially titled "Guidelines for Information Security
Risk Management", and is deigned to support the general ISMS standard,
ISO 27001, and the code of practice, ISO 17799, which were
published/updated last year.
Whilst ISO27001 covers all aspects of an ISMS, BS7799-3 focuses upon
risk specifically, including:
- assessment/eval of risks
- implementation of controls to address them
- review & monitoring
- maintenance/improvement of the overall control system.
The document is organized as follows:
2. Normative references
3. Terms + definitions
4. IS risks in the organizations context
5. Risk assessment
6. Risk treatment and management decision making
7. Ongoing risk management
The new standard is now available for the main BSI store, 'Standards
Or as part of a special edition of the ISO 17799 Toolkit:
For further information on BS7799, the following references sites may
I hope this is of interest.
The ISO 17799 Newsletter
- » CertOpenStore: Problem opening user certificates on a remote computer
- — Previous thread in » General Computer Security