What about ISO 17799?
A reader asks: "I've been hearing about a new ISO standard 17799 which is supposed to do for security, including disaster recovery, what ISO 9000 did for manufacturing. Should we be concerned about adopting it?"
ISO 17799 isn't a standard in the sense that ISO 9000 is. The document title includes the phrase: "A Code of Practice For Information Security" and that's an accurate description -- an attempt to identify best practices in security, including business continuity and disaster recovery. It aims to provide general guidance for information security, including disaster recovery. Unlike the British Standards Institute's (BSI) 7799 standard, ISO 17799 doesn't include a part specifying how to comply with the standard, so there is technically no way that an organization can become "ISO 17799 compliant" at this time.
While the ISO 17799 document does include a lot of good suggestions for anyone who has to be concerned with security and disaster recovery, including storage administrators, it is rather expensive -- about $150 US. There are other sources of information, such as the
The National Institute of Standards and Technology (NIST) has a brochure about ISO 17799 available on its web site at http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf. The brochure includes a list of recommended NIST publications on security.
Rick Cook has been writing about mass storage since the days when the term meant an 80K floppy disk. The computers he learned on used ferrite cores and magnetic drums. For the last twenty years he has been a freelance writer specializing in storage and other computer issues.
This was first published in February 2002