An improved version of ISO/IEC 17799, which has become the e-commerce community’s international benchmark for information security management, was recently published. The new version broadens the standard’s definition of information security, providing best business practices, guidelines and general principles for implementing, maintaining and managing information in any organization, and producing and using information in any form. The new version also identifies the controls that form the starting point for information security, addressing asset management; human resources; physical and environmental security; communications and operations management; information systems acquisitions, development and maintenance; incident management; business continuity; and compliance. It’s designed for organizations of all sizes, public or private.
The revised standard recognizes that the level of security that can be achieved purely through technical means is limited. The required level of security (established by weighing the levels of risk and the costs associated with breaches of security against the costs of implementing security) should always be driven by appropriate management controls and procedures.
…