What about ISO 17799?
Rick Cook

A reader asks: "I've been hearing about a new ISO standard 17799 which is supposed to do for security, including disaster recovery, what ISO 9000 did for manufacturing. Should we be concerned about adopting it?"

ISO 17799 isn't a standard in the sense that ISO 9000 is. The document title includes the phrase "A Code of Practice For Information Security," and that's an accurate description -- it is an attempt to identify best practices in security, including business continuity and disaster recovery, and it aims to provide general guidance for information security. Unlike the British Standards Institute's (BSI) 7799 standard, ISO 17799 doesn't include a part specifying how to comply with the standard, so there is technically no way that an organization can become "ISO 17799 compliant" at this time.

While the ISO 17799 document does include a lot of good suggestions for anyone who has to be concerned with security and disaster recovery, including storage administrators, it is rather expensive -- about $150 US. There are other sources of information, such as the NIST publications on various aspects of security, which are much less expensive.

The National Institute of Standards and Technology (NIST) has a brochure about ISO 17799 available on its web site at http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf. The brochure includes a list of recommended NIST publications on security.


Rick Cook has been writing about mass storage since the days when the term meant an 80K floppy disk. The computers he learned on used ferrite cores and magnetic drums. For the last twenty years he has been a freelance writer specializing in storage and other computer issues.


This was first published in February 2002
