BS 7799(1995) : AMD 9911
Superseded
A superseded Standard is one that has been fully replaced by another Standard that is a new edition of the same Standard.
CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT
15-02-1998
23-11-2012
Committees responsible
Foreword
Code of practice
Introduction
Section 0. General
0.1 Scope
0.2 Information references
0.3 Definitions
Section 1. Security policy
1.1 Information security policy
Section 2. Security organization
2.1 Information security infrastructure
2.2 Security of third party access
Section 3. Assets classification and control
3.1 Accountability for assets
3.2 Information classification
Section 4. Personnel security
4.1 Security in job definition and resourcing
4.2 User training
4.3 Responding to incidents
Section 5. Physical and environmental security
5.1 Secure areas
5.2 Equipment security
Section 6. Computer and network management
6.1 Operational procedures and responsibilities
6.2 System planning and acceptance
6.3 Protection from malicious software
6.4 Housekeeping
6.5 Network management
6.6 Media handling and security
6.7 Data and software exchange
Section 7. System access control
7.1 Business requirement for system access
7.2 User access management
7.3 User responsibilities
7.4 Network access control
7.5 Computer access control
7.6 Application access control
7.7 Monitoring system access and use
Section 8. Systems development and maintenance
8.1 Security requirements of systems
8.2 Security in application systems
8.3 Security of application system files
8.4 Security in development and support environments
Section 9. Business continuity planning
9.1 Aspects of business continuity planning
Section 10. Compliance
10.1 Compliance with legal requirements
10.2 Security reviews of IT systems
10.3 System audit considerations
Annex
A. (normative) Summary of controls used in BS 7799
Index
List of references
Gives a common basis for organisations to develop, implement and measure effective security management practice. Includes the following sections: assets classification and control; physical and environmental security; computer and network management; system access control; systems development and maintenance; business continuity planning. Also gives definitions. BS AMD 9911 RENUMBERS
Committee | BSFD/12 |
DevelopmentNote | Superseded and renumbered by BS 7799-1(1995) (07/2004) |
DocumentType | Standard |
PublisherName | British Standards Institution |
Status | Superseded |
SupersededBy | |
Supersedes |
BIP 0012-6 : 2001 | DATA PROTECTION - GUIDE TO DATA CONTROLLER AND DATA PROCESSOR CONTRACTS |
02/647837 DC : DRAFT OCT 2002 | PD 0026 - SOFTWARE AND SYSTEM QUALITY FRAMEWORK |
CSA ISO/IEC TR 14516 : 2004 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR THE USE AND MANAGEMENT OF TRUSTED THIRD PARTY SERVICES |
CAN/CSA-ISO/IEC TR 14516-04 (R2017) | Information Technology - Security Techniques - Guidelines for the use and Management of Trusted Third Party Services (Adopted ISO/IEC TR 14516:2002, first edition, 2002-06-15) |
CSA ISO/IEC TR 14516 : 2004 : R2012 | INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR THE USE AND MANAGEMENT OF TRUSTED THIRD PARTY SERVICES |
BIP 0012-4 : 2000 | DATA PROTECTION - GUIDE TO MANAGING YOUR DATABASE |
BIP 0021 : 2005 | PROTEUS LITE |
ISO/IEC TR 14516:2002 | Information technology - Security techniques - Guidelines for the use and management of Trusted Third Party services |
BS 7083:1996 | Guide to the accommodation and operating environment for information technology (IT) equipment |
BS DISC PD 0008(1996) : 1996 | CODE OF PRACTICE FOR LEGAL ADMISSIBILITY OF INFORMATION STORED ON ELECTRONIC DOCUMENT MANAGEMENT SYSTEMS |
BS ISO/IEC TR 14516:2002 | Information technology. Security techniques. Guidelines for the use and management of trusted third party services |
05/30112014 DC : DRAFT JUN 2005 | BS 6079-4 - PROJECT MANAGEMENT - PART 4: GUIDE TO PROJECT MANAGEMENT IN THE CONSTRUCTION INDUSTRY |
DD ENV 12924:1998 | Medical informatics. Security categorisation and protection for healthcare information systems |
PD 0020:2002 | A Guide to computer-based management systems |