BS 7799
Contents: The BS 7799-1 standard contains an introduction, sections on information security policy, the organization of the information security system, classification of resources and others, and an appendix listing the types of control. It provides a systematic, very complete and universal list of security controls that is useful to an organization of practically any size, structure and field of activity.
1 Scope
2 Terms and definitions
3 Security policy
3.1 Information security policy document
3.2 Review and evaluation
4 Security organization
4.1 Information security infrastructure
4.2 Security of third party access
4.3 Outsourcing
5 Asset classification and control
5.1 Accountability for assets
5.2 Information classification
6 Personnel security
6.1 Security in job definition and resourcing
6.2 User training
6.3 Responding to security incidents and malfunctions
7 Physical and environmental security
7.1 Secure areas
7.2 Equipment security
7.3 General controls
8 Communications and operations management
8.1 Operational procedures and responsibilities
8.2 System planning and acceptance
8.3 Protection against malicious software
8.4 Housekeeping
8.5 Network management
8.6 Media handling and security
8.7 Exchanges of information and software
9 Access control
9.1 Business requirement for access control
9.2 User access management
9.3 User responsibilities
9.4 Network access control
9.5 Operating system access control
9.6 Application access control
9.7 Monitoring system access and use
9.8 Mobile computing and teleworking
10 Systems development and maintenance
10.1 Security requirements of systems
10.2 Security in application systems
10.3 Cryptographic controls
10.4 Security of system files
10.5 Security in development and support processes
11 Business continuity management
11.1 Business continuity management process
12 Compliance
12.1 Compliance with legal requirements
12.2 Reviews of security policy and technical compliance
12.3 System audit considerations
Appendix A (standard): List of the types of control used in BS 7799
List of terms
Literature
Publication date: February 15, 1995
Official status: approved as a national standard of Great Britain in 1995, and as the international standard ISO/IEC 17799:2000 (BS 7799-1:2000).
Scope: This standard gives recommendations for information security management. It is intended to provide organizations with a common basis for developing, implementing and assessing effective security management measures, and to give partners confidence in their dealings with other organizations.
It can be used as a general reference standard in relations between organizations and for regulating relations with contractors, as well as in the delivery of information services or products.
BS 7799 can be used to protect any kind of information, including financial and personnel data, information on suppliers or any other company data and, importantly, information belonging to your partners and clients; in short, everything that is a significant information resource of a company and is vulnerable to security threats. It is intended as a reference document for managers and ordinary employees who are responsible for planning, implementing and maintaining the internal information security system.
It is important that this standard does not concentrate only on confidentiality: in commercial organizations, from the point of view of possible material losses, the integrity and availability of data are often more critical.
BS 7799 protects against possible threats to your information system:
- hackers;
- industrial espionage;
- dishonest employees;
- computer piracy;
- theft and vandalism;
- power outages;
- equipment and software failures;
- viruses;
- natural disasters and many others.
Today BS 7799/ISO 17799 is the only information security management standard in Europe and Asia. Over the last year and a half the standard's influence has been growing both in the CIS countries (for example, in the Republic of Belarus the standard has been officially adopted since November 1st, 2004) and in Russia, where both business leaders and medium-sized companies have started to use it in practice.