Information Security Management of BS 7799 - Case Study Example

This paper "Information Security Management of BS 7799" focuses on the fact that BS 7799 is the most influential globally recognised standard for information security management systems around the world. Security and safeguarding of information were handled very informally until the 1990s. …

Extract of sample "Information Security Management of BS 7799"

Originally BS 7799 had the status of a Code of Practice. However, in April 1999 it became a formal two-part standard. Part 1 (the original Code of Practice) of the revised BS 7799 standard was re-titled "Code of Practice for Information Security Management" and provides guidance on best practice in information security management. Part 2, titled "Specification for Information Security Management Systems", forms the standard against which organisations' own security management systems were to be assessed and certified.
In 1993 the UK DTI, in collaboration with a number of UK-based companies, introduced the Information Security Management (ISM) Code of Practice, incorporating the best information security practices then in use and covering information in whatever form it was held: computer data, written, spoken or on microfiche.

The primary goal of the Code of Practice was to provide a common basis for organisations to develop, implement, and measure effective information security management practice. A further aim was to provide confidence in inter-organisational dealings, i.e. registry/registrar interactions.
The gradual development occurred as follows:
  • Consultation (1993-1995)
  • COP Becomes BS7799:1995 (Implementation, Audit, Programme)
  • BS7799: PART 2 ISMS
  • Recognition as a suitable platform for ISM
  • ISO/IEC 17799: 2000
In 1999 the COP was split into two parts. BS 7799 Part 1, which is now ISO/IEC 17799:2000, incorporates good security practice in 127 security guidelines, which can be drilled down into 600 further controls. BS 7799 Part 2 is a framework for the ISMS: a means by which senior management can monitor and control their security, minimise risks and ensure compliance. A third part, BS 7799 Part 3, was published in 2005 and covers risk analysis and management.

Benefits of using ISO/IEC 17799:2000:
1) Increased business efficiencies
2) Reduced operational risks
3) Gives assurance that information security is being rationally applied

These benefits are achieved by ensuring that
1) Security controls are justified
2) Policies and procedures are appropriate
3) Security awareness is good among staff and managers
4) All security-relevant information processing and supporting activities are auditable and are being audited
5) Internal audit and incident reporting/management mechanisms are being handled appropriately
6) Management actively focuses on information security and its effectiveness.

Understanding BS 7799: Part 1
1) Security policy sets out what an information security policy must cover and why each business should have one.
2) Organisational security explains how an information security system is organised.
3) Asset classification and control considers information and information processing equipment as valuable assets to be managed and accounted for.
4) Personnel security details personnel issues such as training, responsibilities, vetting procedures, and how staff should respond to security incidents.
5) Physical and environmental security covers the physical aspects of security, including protection of equipment and information from physical harm, as well as physical control of access to information and equipment.
