Monday, 16 November 2015

HISTORY OF ISO/IEC 27001 AND ISO/IEC 27002

The story started when the United Kingdom Department of Trade and Industry (DTI) created a code of good practice for information security.
This work was published as a document known as DISC PD0003, and its development continued under the British Standards Institution (BSI). In 1995 the document became a formal information security standard known as BS 7799.
BSI then developed a companion standard, a specification for an information security management system, published as BS 7799-2. In 1999 both parts were revised and published by BSI as BS 7799-1:1999 and BS 7799-2:1999.


In 2000, ISO adopted the BSI code of practice and published it internationally: BS 7799 Part 1 (the code of practice) became ISO/IEC 17799:2000, Code of practice for Information Security Management.
In 2005, BS 7799-2 emerged as ISO/IEC 27001:2005, and ISO/IEC 17799:2000 was revised and republished as ISO/IEC 17799:2005. Late in 2007, to align it with the numbering of the 27000 series, ISO/IEC 17799:2005 was renumbered ISO/IEC 27002:2005 (the content and the 2005 edition year were unchanged; only the number was corrected).
ISO/IEC 27001:2005 specifies a management system intended to bring information security under explicit management control. It is an ISMS framework under which all parts of the organisation monitor and control security, minimise risk and ensure compliance with the standard by following the Plan-Do-Check-Act (PDCA) cycle. Because the requirements are stated as auditable "shall" clauses, organisations that claim to have adopted ISO/IEC 27001 can be formally audited and certified as compliant with the standard.
ISO/IEC 27002:2005 provides best-practice recommendations and guidance on initiating, planning, implementing and maintaining an information security management system (ISMS). Information security is defined within the standard in terms of the C-I-A triad (confidentiality, integrity and availability). The standard also provides a catalogue of controls to be implemented as part of the ISMS: 11 control domains, 39 control objectives and 133 controls.
On 25 September 2013 new editions, ISO/IEC 27001:2013 and ISO/IEC 27002:2013, were published. Many concepts in ISO/IEC 27001 changed and became more general: there is more flexibility in how documentation is structured, and the standard requires "continual improvement" rather than mandating the PDCA cycle as the only model.
In ISO/IEC 27002 the list of controls also changed: some controls were added, some were merged and some were dropped, giving 14 control domains, 35 control objectives and 114 controls.

Watch the video on YouTube: https://www.youtube.com/watch?v=MV52CKQy3ic

