BS7799-3 Security Risk Management Standard Released

The new BS security standard, BS7799-3, has been published. It is officially titled "Guidelines for Information Security Risk Management" and is intended to support the general ISMS standard, ISO 27001, which was published last year.

Whilst ISO 27001 covers all aspects of an information security management system, BS7799-3 focuses upon risk, including:

  • the assessment and evaluation of risks
  • implementation of security controls to address these risks
  • review and monitoring of the risks
  • maintenance and improvement of the risk control system.

The document itself is organized as follows:

1. Scope

2. Normative refs

3. Terms/definitions

4. Information security risks in the organizational context

5. Risk assessment

6. Risk treatment and management decision making

7. Ongoing risk management

The new standard is now available from the main BSI outlet, Standards Direct:

http://17799.standardsdirect.org/bs7799.htm

Or as part of a special edition of the ISO 17799 Toolkit:

http://www.27005.net

For further information on BS7799-3, the following reference sites may assist:

http://www.17799central.com/bs7799-3.htm
http://www.thewindow.to/bs7799/

###

Contact Author

Sara Hollins