A detailed security standard that is organized into the following areas: asset classification and control; business continuity planning; compliance; computer and operations management; personnel security; physical and environmental security; system access control; security organization; security policy; and system development and maintenance.
Because ISO 17799 is very thorough, it requires a methodical and measured approach to system security as well as access to essential tools and products. To assist firms and agencies wanting to improve their ISO 17799 compliance status, a directory can be found at http://www.iso17799software.com/index.htm. The directory provides links to products and tools geared to making the compliance process less difficult, including downloadable trial versions.
Risk Associates. ISO 17799: What is it? [Online, 2004.] Risk Associates Website. http://www.iso17799software.com/index.htm.