ESTec Security
ISMS History

The first standards-based Information Security Management System (ISMS) was British Standard (BS) 7799. The original standard, BS 7799:1995 Part 1, was revised in 1998 and again in 1999. Part 1 set out the general principles an ISMS should follow and how it should be structured; it is a code of practice, not something an organization can be certified against.

Part 2 was published in 1998 and supplied the framework detail that allows an organization to be audited and certified. It was revised in 1999 and 2001; the current version is BS 7799-2:2002.

The British standard has proven very popular. It gives an organization a way to demonstrate to customers or regulators that information security is being handled in an accepted, standardized way. Organizations in the UK have already used their BS 7799 certification as a defence in court: when attackers have penetrated a certified organization, the argument is that intrusions are not totally preventable, and that the organization was meeting a recognized standard for managing information security. In other words, the organization can show it was exercising due diligence. Note that certification attests to the management system and its controls, not to the absence of breaches.

As a result of this popularity, the International Organization for Standardization (ISO) has moved to adopt a modified version of BS 7799. Part 1 has been adopted as ISO 17799. Part 2 has been published in draft form as ISO 27001 and is expected to be adopted by the ISO in the fall of 2005. The ISO has expanded somewhat on BS 7799, adding control areas in Part 1 and considerably expanding the detail available to organizations in Part 2.

It is expected that all countries that subscribe to the ISO framework will adopt ISO 17799 and ISO 27001. This is a significant benefit to organizations that already have obligations under SOX and SOX-like regulations, or under HIPAA and other privacy legislation. By implementing an ISMS and certifying under ISO 17799 / ISO 27001, an organization obtains independent evidence that a recognized set of information security controls is in place, which supports its compliance position even where the legislation is vague about the specific requirements the organization must meet. Certification is not itself a finding of legal compliance; regulators and auditors still assess the legislation's own requirements.


©2002 ESTec Systems Corporation. All rights reserved.