IsoOrganization has involvements in SecurityManagement.

Relevant specifications include ISO17799 [and Part 2: auditing guidelines in BS7799-2 (2002 revision) - not yet adopted?].

* According to Lucent''''''Technologies, ISO 17799 is a direct descendant of the British Standard Institute (BSI) Information Security Management standard BS7799. ref 
** http://www.lucent.com/livelink/090094038006a83b_White_paper.pdf
* FAQ from NIST 
** http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq-110502.pdf
* See more information 
** http://www.iso17799software.com/presentation/ .

There's an ISO 17799 specific wiki site 
* http://iso-17799.safemode.org

''ISO17799 is essentially identical to BS7799 part 1. It's mostly a collection of good advice. BS7799 Part 2 is a mandated approach to information security management. While it is a reasonable approach (in my opinion) it's not the only approach, and this restriction to a single approach was one of the reasons that the US (and possibly others) objected to its adoption as a ISO standard''

''Only Part 2 can be audited against, so if you see someone claiming compliance to ISO17799, make sure you understand exactly what they mean by that...''
----

Another ISO security standard is ISO 13335 (GMITS or "Guidelines for the Management of IT security")

* A 5 part document. Part 1 concepts and model, part 2 on management and planning, part 3 on techniques related to policy/controls/safeguards, part 4 on list of safeguards, part 5 on network security aspects. 
* From http://www.auckland.ac.nz/security/AusCERT2004Report.htm#ISO%2013335,%20the%20new%20standard%20for%20IT%20security%20Jodie%20Siganto

----

''ANSI has also being doing security analysis together with ISO. See a 2004 example 
* http://public.ansi.org/ansionline/Documents/Meetings%20and%20Events/2004%20Annual%20Conference/Presentations/Panel%20V/Deane%20-%20Panel%20V.pdf''

----

CategorySecurity