Contents

BS7799 – Common Practices


The BS7799 Part I and the ISO 1779 basically provides only recommendations for ISMS and are available for use to all who are responsible for the initiation, implementation and management of information security in any organization. The BS7799 implementation provides for confidence and trust in inter and intra organizational communications, dealings and trading. These provide for code of practice which was formulated on the best practices of some of the top blue chip organizations of the world. The two standards provide for 36 security objectives and 127 security controls which are the building blocks of any ISMS in any organizations.
Some of the best practiced controls are;
•    Policy document on Information Security
•    Responsibility allocation for security of information
•    Training and education on information security
•    Reporting security breaches
images/bs77992.gif•    Disaster management and continuity of business.
Some factors are very critical in nature and should be taken care of while implementing the ISMS in an organization. These are;
•    Integration of security policy and its objectives with the overall business objectives;
•    Implementation of security culture which is relevant  in the context of organizational culture;
•    Managements support and commitment to implement IS;
•    Risk understanding and management;
•    Distribution of written guidelines for the employees in respect of security policy;
•    Provision of training and education to employees;
•    Measurement of performance in quantifiable terms of the ISMS.
Security requirements in all size of organizations is derived physical security of information; statutory and contractual requirement; and lastly form those objectives and requirements of information security which the organization has, over the period of time,  developed to support its existing business operations. The contractual and statutory requirements may require the organizations to comply with the privacy laws of the country; the intellectual property laws in force; and specially safeguard of the knowledge bank of the organization.