ISO 17799
ISO 17799 is a set of controls and standards regarding information security.
Please contact us for more detailed information on the objectives and
compliance strategies. Here is a summary:
ISO 17799 is comprised of 10 main sections:
1. Business Continuity Planning
Objectives: Counteracts interruptions to business activities and
to critical business processes from the effects of major failures
or disasters.
2. System Access Control
Objectives: Controls access to information; prevents unauthorised
access to information systems; ensures the protection of networked
services; prevents unauthorised computer access; detects unauthorised
activities; ensures information security when using mobile computing
and tele-networking facilities.
3. System Development and Maintenance
Objectives: Ensures security is built into operational systems;
prevents loss, modification or misuse of user data in application
systems; protects the confidentiality, authenticity and integrity of
information; ensures IT projects and support activities are conducted
in a secure manner; maintains the security of application system
software and data.
4. Physical and Environmental Security
Objectives: Prevents unauthorised access, damage and interference
to business premises and information; prevents loss, damage or compromise
of assets and interruption to business activities; prevents compromise
or theft of information and information processing facilities.
5. Compliance
Objectives: Avoids breaches of any criminal or civil law, statutory,
regulatory or contractual obligations and of any security requirements;
ensures compliance of systems with organisational security policies
and standards; maximises the effectiveness of and minimises interference
to/from the system audit process.
6. Personnel Security
Objectives: Reduces risks of human error, theft, fraud or misuse
of facilities; ensures that users are aware of information security
threats and concerns, and are equipped to support the corporate
security policy in the course of their normal work; minimises the
damage from security incidents and malfunctions and learns from such
incidents.
7. Security Organisation
Objectives: Manages information security within the company; maintains
the security of organisational information processing facilities
and information assets accessed by third parties; maintains the
security of information when the responsibility for information
processing has been outsourced to another organisation.
8. Computer & Network Management
Objectives: Ensures the correct and secure operation of information
processing facilities; minimises the risk of systems failures; protects
the integrity of software and information; maintains the integrity
and availability of information processing and communication; ensures
the safeguarding of information in networks and the protection of
the supporting infrastructure; prevents damage to assets and interruptions
to business activities; prevents loss, modification or misuse of
information exchanged between organisations.
9. Asset Classification and Control
Objectives: Maintains appropriate protection of corporate assets
and ensures that information assets receive an appropriate level
of protection.
10. Security Policy
Objectives: Provides management direction and support for information
security.