IsoOrganization is involved in SecurityManagement. Relevant specifications include ISO17799 [and Part 2: auditing guidelines in BS7799-2 (2002 revision) - not yet adopted?].

* According to Lucent Technologies, ISO 17799 is a direct descendant of the British Standards Institution (BSI) Information Security Management standard BS7799. Ref:
** http://www.lucent.com/livelink/090094038006a83b_White_paper.pdf
* FAQ from NIST
** http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq-110502.pdf
* See more information
** http://www.iso17799software.com/presentation/

There's an ISO 17799 specific wiki site:
* http://iso-17799.safemode.org

''ISO17799 is essentially identical to BS7799 part 1. It's mostly a collection of good advice. BS7799 Part 2 is a mandated approach to information security management. While it is a reasonable approach (in my opinion), it's not the only approach, and this restriction to a single approach was one of the reasons that the US (and possibly others) objected to its adoption as an ISO standard.''

''Only Part 2 can be audited against, so if you see someone claiming compliance to ISO17799, make sure you understand exactly what they mean by that...''

----

Another ISO security standard is ISO 13335 (GMITS, or "Guidelines for the Management of IT Security").
* A 5-part document: Part 1 covers concepts and models, Part 2 management and planning, Part 3 techniques relating to policy, controls and safeguards, Part 4 a list of safeguards, and Part 5 network security aspects.
* From http://www.auckland.ac.nz/security/AusCERT2004Report.htm#ISO%2013335,%20the%20new%20standard%20for%20IT%20security%20Jodie%20Siganto

----

''ANSI has also been doing security analysis together with ISO. See a 2004 example:
* http://public.ansi.org/ansionline/Documents/Meetings%20and%20Events/2004%20Annual%20Conference/Presentations/Panel%20V/Deane%20-%20Panel%20V.pdf''

----

CategorySecurity