ISO/IEC 17799:2005 released

2005-06-20

The International Organization for Standardization (ISO) today announced the release of the revised standard ISO/IEC 17799, Information technology - Security techniques - Code of practice for information security management. The revision aims mainly at addressing the information security demands of interconnected environments like mobile or wireless networks, which are exposed to a growing number of threats and vulnerabilities.


Ted Humphreys, Convenor of the ISO/IEC working group that developed ISO/IEC 17799:2005, said: “The revised version of this standard provides organizations with many state-of-the-art additions and improvements in information security best practice.


“For example, better management of security arrangements with external businesses, outsourcing and service providers, enhanced incident handling capability, dealing with problems of patch management, mobile devices, wireless technologies and harmful mobile code via the Internet, improvements in best practice managing human resources and several other new features.”


Dr. Oliver Weissmann of atsec Germany served as co-editor of the standard. Working with fellow co-editor Dr. Angelika Plate of Aexis, Dr. Weissmann reviewed more than 4500 comments about the proposed ISO 17799 standard from industry experts over the last four years. Dr. Weissmann comments on the revision: “Even though it was a slow and sometimes painful process to achieve a consensus on specific issues of the ‘Code of Practice’, the idea of producing a worldwide acceptable standard which supports information security within all types and sizes of organizations was never lost within the working group. I, as an employee of atsec, am proud to contribute the experience atsec gained in various projects with the implementation of this standard to which atsec committed since its founding.”


atsec is proud to have played an active part in the evolution of international security standards like ISO 17799 and congratulates Dr. Weissmann on the leadership role he played in the successful delivery of the 2005 revision.


Here you will find the press release made by ISO.


About ISO 17799

ISO 17799, formerly known as the British Standard BS 7799, views information security management as part of a company's overall business processes. ISO 17799 provides general guidelines concerning which aspects of a business must be considered for information security management. The standard requires refinement and integration into existing business processes to set up an information security management system that supports the business goals of a company.


About atsec information security

atsec information security is the leading provider of high-quality information security services. These include laboratory services such as product evaluation, as well as general consulting in a wide range of information security areas, including Information Security Management Systems (ISMS), risk management, PKI consulting, privacy assessment, and security auditing. atsec information security was founded in 2000 and operates in the U.S. and Europe, including Munich, Cologne, Austin and Stockholm.


Our information security consultants have many years of experience analyzing and setting up information security management procedures for large commercial organizations.