New ISO 17799 Security Standard Published

Following years of development, a new version of the international computer security standard, ISO 17799, is now available.

The official revision of the ISO 17799 security standard is now available. The revision has been under development for several years and introduces a number of major changes to ISO 17799. The old version, initially published in 2000, has been withdrawn with immediate effect.

ISO 17799 now contains eleven 'content' sections, as opposed to ten in the old version, with some existing chapters being re-worked and re-named. The new section format is as follows:

1) Security Policy

2) Organizing Information Security

3) Asset Management

4) Human Resources Security

5) Physical and Environmental Security

6) Communications and Operations Management

7) Access Control

8) Information Systems Acquisition, Development and Maintenance

9) Information Security Incident Management

10) Business Continuity Management

11) Compliance

The new version also introduces security controls to address a variety of issues not previously covered. These include outsourcing provision and patch management. Other areas, such as employment termination and distributed communication, have been extended.

In addition to the content itself, steps have also been taken to make the standard more 'user friendly.'

Official Sources:

The following official outlet (BSI) has been updated to provide copies of the new standard:

The ISO 17799 Toolkit, the standard's support kit, has also been updated to include the new version:

For further information see the ISO 17799 Newsletter archive site at:


Sara Hollins


