ISO 17799 Domains: Explained

Understanding the ISO 17799 Domains

Question

ISO 17799 has two parts.

The first part is an implementation guide with guidelines on how to build a comprehensive information security infrastructure, and the second part is an auditing guide based on requirements that must be met for an organization to be deemed compliant with ISO 17799.

What are the ISO 17799 domains? Each correct answer represents a complete solution.

Choose all that apply.

Answers

Explanations

A. B. C. D. E.

ABCE.

ISO 17799 is an information security standard that provides guidelines and best practices for organizations to establish, implement, maintain, and continually improve their information security management system (ISMS). The standard is divided into two parts:

  1. Part 1: Code of practice for information security management
  2. Part 2: Specification for information security management systems (ISMS) auditing

The first part of ISO 17799 provides a comprehensive set of guidelines and best practices for establishing and maintaining an effective ISMS. The standard is organized into ten domains, each of which addresses a specific area of information security management. These domains are:

A. Information security policy for the organization: This domain focuses on the development, implementation, and maintenance of an organization's information security policies and procedures.

B. Personnel security: This domain addresses the management of employee security, including background checks, security training, and access control.

C. Business continuity management: This domain focuses on the development and maintenance of business continuity plans to ensure the continued operation of critical business functions in the event of a disaster or other disruption.

D. System architecture management: This domain addresses the management of the design, development, and maintenance of an organization's information systems and infrastructure.

E. Access control: This domain focuses on the management of user access to information and information systems, including authentication, authorization, and accountability.

F. Physical and environmental security: This domain addresses the management of physical security measures to protect information and information systems from unauthorized access, theft, damage, or interference.

G. Operations security: This domain focuses on the management of day-to-day information security operations, including change management, incident management, and security monitoring.

H. Communications security: This domain addresses the management of secure communications, including the protection of information during transmission, and the use of encryption and other secure communication methods.

I. System development and maintenance: This domain addresses the management of the development, testing, and maintenance of information systems and software, including the management of security vulnerabilities and patches.

J. Compliance: This domain focuses on ensuring that an organization's information security management system complies with relevant laws, regulations, and standards.

The second part of ISO 17799 provides a set of requirements that an organization must meet to be deemed compliant with the standard. These requirements cover the entire information security management process, from establishing policies and procedures to monitoring and reviewing the system's effectiveness.

In summary, ISO 17799 is a comprehensive information security standard that provides guidelines and best practices for organizations to establish, implement, maintain, and continually improve their information security management system. The standard is organized into ten domains, each of which addresses a specific area of information security management. Part 2 of the standard provides a set of requirements that an organization must meet to be deemed compliant with the standard.