







 


ISO 17799/27002

ISO 17799:2005 and ISO 27002:2007 are information security standards published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

The ISO standard provides best practice recommendations on information security management for use by those who are responsible for initiating, implementing or maintaining Information Security Management Systems (ISMS). Information security is defined within the standard in the context of the C-I-A triad:

the preservation of confidentiality (ensuring that information is accessible only to those authorized to have access), integrity (safeguarding the accuracy and completeness of information and processing methods) and availability (ensuring that authorized users have access to information and associated assets when required).

The ISO standard contains the following twelve main sections:

  1. Risk assessment
  2. Security policy - management direction
  3. Organization of information security - governance of information security
  4. Asset management - inventory and classification of information assets
  5. Human resources security - security aspects for employees joining, moving and leaving an organization
  6. Physical and environmental security - protection of the computer facilities
  7. Communications and operations management - management of technical security controls in systems and networks
  8. Access control - restriction of access rights to networks, systems, applications, functions and data
  9. Information systems acquisition, development and maintenance - building security into applications
  10. Information security incident management - anticipating and responding appropriately to information security breaches
  11. Business continuity management - protecting, maintaining and recovering business-critical processes and systems
  12. Compliance - ensuring conformance with information security policies, standards, laws and regulations

We are happy to discuss with you our goals and practices in establishing a defined security program for your organization. Please contact us for more information.

 


© 2005-2013 ABS Computer Technology, Inc. - All Rights Reserved
SpamZapper® is the registered trademark of ABS Computer Technology, Inc.

Site Design - Marc Dorsett Graphic Artist