BS 7799-3 Security Risk Standard Now Available

The new BSI security standard, numbered BS7799-3, has been released.

This is officially titled Guidelines for Information Security Risk Management, and is designed to support the general security management standard, ISO27001, which was published in October 2005.

Whilst ISO27001 covers all aspects of an information security management system, BS7799-3 focuses specifically upon risk, including the following aspects:

  • the assessment & evaluation of risks
  • implementation of security controls to address these
  • monitoring of the risks
  • maintenance of the risk control system.

The BS7799-3 document is organized as follows:

  1. Scope
  2. Normative references
  3. Terms/definitions
  4. Information security risks in the organization's context
  5. Risk assessment
  6. Risk treatment and management decision making
  7. Ongoing risk management

The standard itself is available from the main BSI outlet, StandardsDirect:

http://17799.standardsdirect.org/bs7799.htm

Or as part of a special edition of the ISO17799 Toolkit:

http://www.27005.net