ISO/IEC 17799 Standard’s Intended Usage and Actual Use by the Practitioners
نویسنده
چکیده
The ISO/IEC 17799 standard (2005) is commonly viewed as a necessary element in information security management. However, there is no empirical evidence of the usefulness of the standard in practice. To study this issue, this study analyses the implementation experiences of four organisations that have implemented the ISO/IEC 17799 (2005) standard. Through semi-structured interviews, the results of the study suggest that the standard served the needs of the small and medium-sized enterprises well and its intended usage correlates quite well with small and medium-sized organisations’ practice.
منابع مشابه
Implementing the ISO/IEC 17799 standard in practice - experiences on audit phases
This paper introduces implementation experiences on the ISO/IEC 17799 standard. The early implementation phase showed that there was resistance to change. The study revealed that lack of information was the root cause on that. Solution for this problem is proactive communications and use of internal advocates. All interviewees shared the same view that the ISO/IEC 17799 fits well with the exist...
متن کاملInformation Security governance: COBIT or ISO 17799 or both?
This paper investigates the coexistence of and complementary use of COBIT and ISO 17799 as reference frameworks for Information Security governance. The investigation is based on a mapping between COBIT and ISO 17799 which became available in 2004, and provides a level of 'synchronization' between these two frameworks.
متن کاملISO 17799: "Best Practices" in Information Security Management?
To protect the information assets of organizations, many different standards and guidelines have been proposed. Among them, International standard ISO 17799 is one of the most prominent international efforts on information security. This standard provides both an authoritative statement on information security and the procedures to be adopted by organizations to ensure information security. Sec...
متن کاملPractical implementation of an ISO 17799- compliant information security management system using a novel ASD method
This paper discusses the practical implementation of the Agile Security Development (ASD framework and presents a case study that reviews the process of building an information security management system utilizing the framework. The case study reveals the action steps for a small and medium-sized organization to utilize the method. The ASD framework and its output is fully ISO/IEC17799 complian...
متن کاملSarbanes-Oxley: Achieving Compliance by Starting with ISO 17799
Compliance with the Sarbanes–Oxley Act of 2002 (SOX) has been hampered by the lack of implementation details. This article argues that IT departments that have implemented ten categories of IT controls provided by the International Standards Organization (ISO 17799) will be well on their way toward SOX compliance. A side-by-side comparison of the 124 control components of the ISO Standard and t...
متن کامل