ISO 17799 / BS 7799
ISO 17799 was created as an international standard for information security and is widely accepted as the most complete security guideline. Companies that comply with this standard can apply for BS 7799 certification.
ISO 17799 and BS 7799 are organized into 10 sections:
Security policy - To provide management direction and executive support for information security within the organization
Compliance - To avoid breaching any criminal and civil law, statutory, regulatory or contractual obligations, and any security requirement
Assets and resources allocation - To help the management of information security within the organization
Asset classification and control - To help identify the assets under protection and to secure them appropriately
Physical and environmental security - To prevent unauthorized access, damage, and interference to the office environment
Communications and operations management - To ensure the correct and continuous operation of information processing facilities
Access control - To control access to information
Business continuity management - To protect critical business processes against major failures or disasters, and to recover them within a short time in case of a service breakdown
Systems development and maintenance - To ensure that security measures and mechanisms are built into information systems
Personnel security - To reduce the risks of carelessness, human error, misuse, fraud, theft or hijack of facilities
We assist organizations in their efforts to maintain adherence to ISO 17799 or obtain BS 7799 certification. We can help implement various solutions in the areas of performance & availability management, security management, configuration & vulnerability management and operational control.