ISO 17799 - 2005 Version Released

The latest revision of ISO 17799, which has been under development for
several years, is now available. It introduces a number of fundamental
changes to the standard. The old version, ISO17799:2000, has been

ISO 17799 now contains eleven 'core' chapters, as opposed to the
previous ten, with existing chapters also being re-organized. The new
setup is as follows:

- Security Policies
- Organizing Information Security
- Asset Management
- Human Resources Security
- Physical and Environmental Security
- Information Security Incident Management
- Communications and Operations Management
- Access Control
- Information Systems Acquisition, Development and Maintenance
- Business Continuity Management
- Compliance.

ISO 17799 2005 also introduces controls to address security-related
issues not previously covered. These include outsourcing provision,
patch management and others. Other issues have been extended or
re-written (e.g. employment termination, and mobile comms).

Steps have also been taken to improve the end-user friendliness of the
document itself.

The following official outlet (via BSI) has been updated to provide
downloads of the new standard:

The ISO 17799 Toolkit, the standard's support kit, has also been
updated to include the 2005 version:

For more information see the ISO17799 Newsletter archive site:

Kind regards,

