BS7799-3 Security Risk Management Standard Released Today

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

The new BS IS security standard, BS7799-3 has been published this
morning. This is officially titled "Guidelines for Information Security
Risk Management", and is deigned to support the general ISMS standard,
ISO 27001, and the code of practice, ISO 17799, which were
published/updated last year.

Whilst ISO27001 covers all aspects of an ISMS, BS7799-3 focuses upon
risk specifically, including:
- assessment/eval of risks
- implementation of controls to address them
- review & monitoring
- maintenance/improvement of the overall control system.

The document is organized as follows:
1. Scope
2. Normative references
3. Terms + definitions
4. IS risks in the organizations context
5. Risk assessment
6. Risk treatment and management decision making
7. Ongoing risk management

The new standard is now available for the main BSI store, 'Standards

Or as part of a special edition of the ISO 17799 Toolkit:

For further information on BS7799, the following references sites may
assist: /

I hope this is of interest.

The ISO 17799 Newsletter

Site Timeline