The British Standards Institute (BSi) has updated the BS7799
security standard in a move to encourage businesses to establish
processes for managing IT security.
Speaking at the launch of the new standard, e-commerce minister
Stephen Timms said: "Information security management will more
readily be mainstreamed as a business issue rather than being
marginalised as a technical issue. It will help senior management
take an active interest in how their online businesses are
secured."
The new version of the standard promises to make it easier for
businesses to acquire BS7799 certification. It is also designed to
integrate more closely with other business management standards,
such as the ISO 9001 quality standard.
BS7799 Part 2 adds a "plan-do-check-act" process to the original
BS7799 standard. The BSi said this provides businesses with a
management system approach to developing, implementing and
improving the effectiveness of an organisation's information
security management system. The standard supports the following
process:
- Plan - business risk analysis
- Do - internal controls to manage the applicable risks
- Check - a management review to verify effectiveness
- Act - action as necessary
According to the BSi, the revised standard has improved the
definition and clarification of the links between the risk
assessment process, the selection of controls and the contents of
the Statement of Applicability. It also includes guidance on how to
use the new edition.