Prepared by the British Standards Institution (as BS 7799) and then adopted by the Joint Technical Committee ISO/IEC JTC 1 in 2000, ISO 17799 is an internationally respected standard for information security.
Although comprehensive in the wide range of issues it addresses, it has been called a starting point rather than a technical specification. However, it is a good guideline for organizations to use when starting or reviewing a security architecture and its associated processes.
The following topics are addressed in the standard, primarily at a managerial level:
• Establishing organizational security policy,
• Organizational security infrastructure,
• Asset classification and control,
• Personnel security,
• Physical and environmental security,
• Communications and operations management,
• Access control,
• Systems development and maintenance,
• Business continuity management, and
Now known as ISO27002.