• BS 7799(1995) : AMD 9911

    Superseded: a superseded Standard is one that is fully replaced by another Standard which is a new edition of the same Standard.

    CODE OF PRACTICE FOR INFORMATION SECURITY MANAGEMENT

    Superseded date:  15-02-1998

    Published date:  24-11-2012

    Publisher:  British Standards Institution

    Table of Contents

    Committees responsible
    Foreword
    Code of practice
    Introduction
    Section 0. General
    0.1 Scope
    0.2 Information references
    0.3 Definitions
    Section 1. Security policy
    1.1 Information security policy
    Section 2. Security organization
    2.1 Information security infrastructure
    2.2 Security of third party access
    Section 3. Assets classification and control
    3.1 Accountability for assets
    3.2 Information classification
    Section 4. Personnel security
    4.1 Security in job definition and resourcing
    4.2 User training
    4.3 Responding to incidents
    Section 5. Physical and environmental security
    5.1 Secure areas
    5.2 Equipment security
    Section 6. Computer and network management
    6.1 Operational procedures and responsibilities
    6.2 System planning and acceptance
    6.3 Protection from malicious software
    6.4 Housekeeping
    6.5 Network management
    6.6 Media handling and security
    6.7 Data and software exchange
    Section 7. System access control
    7.1 Business requirement for system access
    7.2 User access management
    7.3 User responsibilities
    7.4 Network access control
    7.5 Computer access control
    7.6 Application access control
    7.7 Monitoring system access and use
    Section 8. Systems development and maintenance
    8.1 Security requirements of systems
    8.2 Security in application systems
    8.3 Security of application system files
    8.4 Security in development and support environments
    Section 9. Business continuity planning
    9.1 Aspects of business continuity planning
    Section 10. Compliance
    10.1 Compliance with legal requirements
    10.2 Security reviews of IT systems
    10.3 System audit considerations
    Annex
    A. (normative) Summary of controls used in BS 7799
    Index
    List of references

    Abstract

    Gives a common basis for organisations to develop, implement and measure effective security management practice. Includes the following sections: assets classification and control; physical and environmental security; computer and network management; system access control; systems development and maintenance; business continuity planning. Also gives definitions. BS AMD 9911 RENUMBERS

    General Product Information

    Committee:  BSFD/12
    Development Note:  Superseded and renumbered by BS 7799-1(1995) (07/2004)
    Document Type:  Standard
    Publisher:  British Standards Institution
    Status:  Superseded

    Standards Referenced By This Book

    BIP 0012-6 : 2001 DATA PROTECTION - GUIDE TO DATA CONTROLLER AND DATA PROCESSOR CONTRACTS
    02/647837 DC : DRAFT OCT 2002 PD 0026 - SOFTWARE AND SYSTEM QUALITY FRAMEWORK
    CSA ISO/IEC TR 14516 : 2004 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR THE USE AND MANAGEMENT OF TRUSTED THIRD PARTY SERVICES
    CAN/CSA-ISO/IEC TR 14516-04 (R2017) Information Technology - Security Techniques - Guidelines for the use and Management of Trusted Third Party Services (Adopted ISO/IEC TR 14516:2002, first edition, 2002-06-15)
    CSA ISO/IEC TR 14516 : 2004 : R2012 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR THE USE AND MANAGEMENT OF TRUSTED THIRD PARTY SERVICES
    BIP 0012-4 : 2000 DATA PROTECTION - GUIDE TO MANAGING YOUR DATABASE
    BIP 0021 : 2005 PROTEUS LITE
    ISO/IEC TR 14516:2002 Information technology - Security techniques - Guidelines for the use and management of Trusted Third Party services
    BS 7083:1996 GUIDE TO THE ACCOMMODATION AND OPERATING ENVIRONMENT FOR INFORMATION TECHNOLOGY (IT) EQUIPMENT
    BS DISC PD 0008(1996) : 1996 CODE OF PRACTICE FOR LEGAL ADMISSIBILITY OF INFORMATION STORED ON ELECTRONIC DOCUMENT MANAGEMENT SYSTEMS
    BS ISO/IEC TR 14516 : 2002 INFORMATION TECHNOLOGY - SECURITY TECHNIQUES - GUIDELINES FOR THE USE AND MANAGEMENT OF TRUSTED THIRD PARTY SERVICES
    05/30112014 DC : DRAFT JUN 2005 BS 6079-4 - PROJECT MANAGEMENT - PART 4: GUIDE TO PROJECT MANAGEMENT IN THE CONSTRUCTION INDUSTRY
    DD ENV 12924:1998 MEDICAL INFORMATICS - SECURITY CATEGORISATION AND PROTECTION FOR HEALTHCARE INFORMATION SYSTEMS
    BS PD0020(2002) : 2002 A GUIDE TO COMPUTER-BASED MANAGEMENT SYSTEMS