(PRWEB) March 18, 2006
The new BS security standard, BS7799-3 has been published. This is officially titled "Guidelines for Information Security Risk Management", and is intended to support the general ISMS standard, ISO 27001, which was published last year.
Whilst ISO 27001 covers all aspects of an information security management system, BS7799-3 focuses upon risk, including:
- the assessment and evaluation of risks
- implementation of security controls to address these risks
- review and monitoring of the risks
- maintenance and improvement of the risk control system.
The document itself is organized as follows:
2. Normative refs
4. Information security risks in the organizational context
5. Risk assessment
6. Risk treatment and management decision making
7. Ongoing risk management
The new standard is now available for the main BSI outlet, Standards Direct:
Or as part of a special edition of the ISO 17799 Toolkit:
For further information on BS7799-3, the following reference sites may assist: