
Title
Information technology - Security techniques - Code of practice for information security management
Executive summary
Recommendations for information security management within an organization.
Abstract
This International Standard establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. This International Standard provides general guidance on the commonly accepted goals of information security management. The control objectives and controls of this International Standard are implemented to meet the requirements identified by a risk assessment. This International Standard may serve as a practical guideline for developing organizational security standards and effective security management practices and to help build confidence in inter-organizational activities. This Standard includes recommendations on risk assessment and treatment, security policy, physical and environmental security, communications and operations management, access control, information systems acquisition, development and maintenance, information security incident management and business continuity management.
Type
Code of Practice
History and related standards
This International Standard supersedes BS ISO/IEC 17799:2000, which is withdrawn.