What’s ISO 17799?

ISO 17799 is an outdated information security standard that was revised in 2005 and renumbered as ISO/IEC 27002 in 2007. It covers topics such as security policies, access control, risk assessment, and incident management. The standard is part of the ISMS Family of Standards and is intended to guide information management personnel in establishing security systems.

ISO 17799 is an outdated standard for information security adopted by the International Organization for Standardization (ISO) in 2000. The code of practice, derived from the British Standard known as BS7799, described best practices relating to the confidentiality, integrity and availability of information within an organization. Officially known as ISO/IEC 17799, the standard was intended to guide information management personnel tasked with establishing security systems. Topics covered included defining information security terms, classifying types of information, describing minimum requirements, and suggesting appropriate responses to security breaches.

In 2005, technological advances prompted a revision of ISO 17799 to align it with current practices and capabilities. It is ISO’s common practice to review standards every few years to ensure that guidelines, codes of practice and standards remain relevant and reflect current technologies and international business practices. As a result of the 2005 revisions, ISO 17799 became known as ISO/IEC 17799:2005. To differentiate between the various incarnations of ISO 17799, the original standard became known as ISO/IEC 17799:2000.

In 2007, ISO and the International Electrotechnical Commission (IEC) renumbered the ISO 17799 standard, labeling it ISO/IEC 27002. Often referred to as the ISMS Family of Standards, the ISO 27000 series deals entirely with Information Security Management Systems, or ISMS. The renumbering of ISO 17799 allowed ISO/IEC officials to group future security standards into a single guideline category for easy reference. Few changes were made to the standard in 2007, since the decision to renumber it was purely an administrative change to accommodate anticipated future needs.

Since its inception, ISO 17799 has addressed issues such as security policies, access control, defining information types, developing information systems and assessing risks. Organizational leaders could use ISO 17799 as a guide for developing information systems and ensuring the security of those systems. Additional guidelines related to the acquisition of existing systems, as often happens during business mergers, described steps to maintain information security without limiting access for key personnel. Recommendations for developing security practices and for dealing with security breaches were also included in the first ISO 17799.

Originally, the full ISO 17799 standard included eleven topic-specific sections: security policy, information security organization, asset management, human resource security, physical and environmental security, communications and operations management, access control, information systems procurement, incident management, business continuity management and compliance. ISO/IEC 27002 added one more topic section, placed just after the introductory sections, which exclusively covered risk assessment. All other topic-specific sections have remained intact, though they have received relevant updates and revisions.
