Speaking at the launch of the new standard, e-commerce minister Stephen Timms said: "Information security management will more readily be mainstreamed as a business issue rather than being marginalised as a technical issue. It will help senior management take an active interest in how their online businesses are secured."
The new version of the standard promises to make it easier for businesses to acquire BS 7799 certification. It is also designed to integrate more closely with other business management standards, such as the ISO 9001 quality standard.
BS 7799 Part 2 adds a "plan-do-check-act" process to the original BS 7799 standard. The BSi said this provides businesses with a management system approach to developing, implementing and improving the effectiveness of an organisation's information security management system.
The standard supports the following process:
- Plan - business risk analysis
- Do - internal controls to manage the applicable risks
- Check - a management review to verify effectiveness
- Act - action as necessary
According to the BSi, the revised standard has improved the definition and clarification of the links between the risk assessment process, the selection of controls, and the contents of the Statement of Applicability. It also includes guidance on how to use the new edition.