
Title
Information technology – Security techniques – Information security management systems – Requirements
Executive summary
Requirements for the design and implementation of information security management systems.
Abstract
This International Standard covers all types of organizations (e.g. commercial enterprises, government agencies, non-profit organizations) and specifies requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented information security management system (ISMS) within the context of the organization’s overall business risks. It specifies requirements for the implementation of security controls customized to the needs of individual organizations.
The ISMS is designed to ensure the selection of adequate and proportionate security controls that protect information assets and give confidence to interested parties. If an organization already has an operative business process management system (e.g. in relation to ISO 9001 or ISO 14001), it is preferable in most cases to satisfy the requirements of this International Standard within the existing management system.
Type
Specification
History and related standards
This International Standard supersedes BS 7799-2:2002, which is withdrawn.
This Standard includes the following cross-reference:
ISO/IEC 17799:2005.