Welcome to Maxi-Pedia Forum. Maxi-Pedia discussion forum is a free community inviting you to express your ideas and discuss various topics with other contributors.

March 28, 2024, 08:17:31 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
 
   Home   Help Search Login Register  
Most Recent Posts:
Pages: [1]
  Print  
Author
Topic: 

Difference between ISO 27001 and BS 17799

 (Read 35883 times)
danisara
Sr. Member
****
Posts: 280


« on: May 14, 2009, 07:47:35 am »

Hey all,

Can anyone explain the difference between ISO 27001 and BS 17799 , please? I am trying to find out what the difference between ISO 27001 and BS 17799 is, I kinda know what ISO 27001 is, but since these standards are pretty hard to get, I can't find anything about BS 17799 and compare them. Thanks.
Logged
Maxi-Pedia Forum
« on: May 14, 2009, 07:47:35 am »

 Logged
KoonetMan
Newbie
*
Posts: 2


« Reply #1 on: May 15, 2009, 03:38:25 pm »

ISO 27001 contains requirements in establishing an information security management system.  These requirements are mandatory.  This is a "certifiable" standard.  If your organization is going for certification, the certificate would state "Company XYZ is certified to ISO 27001".

BS 17799 has been renamed to ISO 27002.  This standard supports ISO 27001 in the sense that ISO 27002 contains "guidelines" on how to implement an ISMS.

Tip: while reading through most of the ISO standards, whenever you encounter the word "SHALL" it denotes a mandatory requirement.  While the word "SHOULD" denotes a voluntary requirements.

Hence, ISO 27001 which is a requirement standard contains SHALL and ISO 27002 which is a guideline standard contains SHOULD.

PM me if you need more help.
Logged
danisara
Sr. Member
****
Posts: 280


« Reply #2 on: May 18, 2009, 03:57:11 pm »

Thanks for your explanation. When you say "mandatory" - do you mean that every business needs to have ISO? That kinda confused me. I thought ISO is voluntary.
Logged
pawel
Semi-Newbie
*
Posts: 42


« Reply #3 on: May 18, 2009, 04:03:30 pm »

Hey, here is another good explanation of the difference between ISO 27001 and BS 17799

ISO 27001
Requirements for implementing, establishing, and documenting so called ISMS (Information Security Management Systems)
Specifies requirements for security controls to be implemented according to the needs of individual organizations
ISO 27001 is aligned with ISO/IEC 17799:2005

BS 17799
BS 17799 is more of a Code of Practice or guidance or reference document
It is based on best information security practices
This defines a process to evaluate, implement, maintain, and manage information security
BS 17799 is based on BS 7799-1
Consists of 11 control sections, 39 control objectives, and 134 controls
Is not used for assessment and registration
This was later renamed to ISO 27002
« Last Edit: May 20, 2009, 07:49:12 am by pawel » Logged
yaris
Jr. Member
**
Posts: 94


« Reply #4 on: May 20, 2009, 07:21:11 am »

Here is the difference between ISO 27001 and BS 17799 explained

The official name of ISO 27001 is ISO/IEC 27001:2005 - Information technology - Security techniques - Information security management systems - Requirements. ISO 27001 is the standard that now supersedes BS 7799-2 for certification requirements. This is important - ISO 27001 relates to certification requirements for the implementation of an information security management system (ISMS). ISO 27001 lists requriements that you must satisfy in order to establish an ISMS.

Another standard related to information security is ISO 17799 which supercedes BS 7799 and which was substantially revised and published in 2005 as ISO/IEC 17799:2005. Then, this standard was later changed to ISO 27002. This standard is more of a best practice or code of practice guide for certain areas.

Summary: The very first standard related to information security was BS 7799. BS 7799 was divided into two parts: BS 7799-1 which later became ISO 17799, and BS 7799-2 which later became ISO 27001.

ISMS certification standard: BS 7799-2:2002 ---> ISO/IEC 27001:2005
Code of Practice standard: BS 7799-1:1999 ---> ISO/IEC 17799:2000 ---> ISO/IEC 17799:2005 ---> ISO/IEC 27002:2005


Note: BS 17799 or ISO 17799? It is practically the same. BS means "British Standard". British Standard 17799 was adopted by the ISO/IEC - International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). BS 7799 series of ISMS standards become ISO standards in 2005.

Cheers.
« Last Edit: May 20, 2009, 07:46:23 am by yaris » Logged
atari
Full Member
***
Posts: 121


« Reply #5 on: May 21, 2009, 11:05:32 am »

Awesome explanation, thanks!

Here is one good article on this server that talks about ISO 27001.
Logged
Eurocert
Newbie
*
Posts: 2


« Reply #6 on: June 01, 2012, 11:04:38 am »

Hey all,

Can anyone explain the difference between ISO 27001 and BS 17799 , please? I am trying to find out what the difference between ISO 27001 and BS 17799 is, I kinda know what ISO 27001 is, but since these standards are pretty hard to get, I can't find anything about BS 17799 and compare them. Thanks.


Look at the ISO certification like a project
The certification should be treated like any other project the company undertakes - appoint a project manager who can delegate tasks and set deadlines for completion. With proper management of the overall project, the end goal will never be lost.




Logged
Maxi-Pedia Forum
   

 Logged
Pages: [1]
  Print  
 
Jump to:  

Page created in 0.136 seconds with 22 queries. (Pretty URLs adds 0s, 0q)