We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Technology

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What Is ISO 17799?

By Sandi Johnson
Updated: Jan 29, 2024
Views: 8,262
Share

ISO 17799 is an outdated standard for information security adopted by the International Organization for Standardization (ISO) in 2000. The code of practice, derived from the British Standard known as BS7799, outlined best practices regarding the confidentiality, integrity and availability of information within an organization. Officially known as ISO/IEC 17799, the standard was intended to guide information management personnel in charge of establishing security systems. Topics addressed included defining information security terms, classifying information types, outlining minimum requirements, and suggesting appropriate responses to breaches in security.

By 2005, advances in technology necessitated revisions to ISO 17799 to align with then-current practices and capabilities. It is common practice of the ISO to revise standards every few years to ensure guidelines, codes of practice, and standards are relevant and reflect current technologies and international business philosophies. As a result of the 2005 revisions, ISO 17799 became known as ISO/IEC 17799:2005. To help differentiate between various incarnations of ISO 17799, the original standard became known as ISO/IEC 17799:2000.

In 2007, the ISO and the International Electrotechnical Commission (IEC) renumbered the ISO 17799 standard, labeling it as ISO/IEC 27002. Often referenced as the ISMS Family of Standards, the ISO 27000 series deals entirely with Information Security Management Systems, or ISMS. Renumbering ISO 17799 allowed ISO/IEC officials to group future security standards into one category of guidelines for easy reference. Few changes to the standard occurred in 2007, as the choice to renumber such standards was purely an administrative change to accommodate anticipated future needs.

From the beginning, ISO 17799 dealt with matters such as security policies, control of access, defining types of information, development of information systems, and risk assessment. Organizational leaders could use ISO 17799 as a guide for developing information systems and ensuring the security of such systems. Additional guidelines regarding acquisition of existing systems, as typically occurs during business mergers, outlined steps to maintain information security without limiting access to key personnel. Recommendations for developing security practices as well as handling instances of security breaches were also included in the first ISO 17799.

Originally, the complete ISO 17799 standard included eleven topic-specific sections. Those sections included security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, incident management, business continuity management, and compliance. ISO/IEC 27002 included an additional topic section, just after the introductory sections, that covered risk assessment exclusively. All other topic-specific sections remained intact, but included relevant updates and revisions.

Share
WiseGeek is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.

Editors' Picks

Discussion Comments
Share
https://www.wise-geek.com/what-is-iso-17799.htm
Copy this link
WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.

WiseGeek, in your inbox

Our latest articles, guides, and more, delivered daily.