BS7799 – Objectives
BS7799 consists of 10 sections, each with its own objectives, which need some deliberation and understanding. These sections can be summarized as follows:
• Policy on Security: The objective of this section is to provide the management directions and outlook in support of information security.
• Organization of Resources and Assets: The objectives of this section are to manage information security within the organization; to manage organizational security in connection with information assets and processing facilities that are accessed by third parties; and to maintain security responsibility where information processing is outsourced.
• Control and Classification of Assets: The objectives of this section are to prepare an inventory of the organization's corporate assets, including information assets, and to ensure an appropriate level of security for them.
• Security relating to Personnel: The chief objectives of this section are to mitigate the risks arising from human error, fraud, theft, or misuse of organizational facilities; to ensure that users of information are aware of threats to information and are ready and properly equipped to apply the security policies in the usual course of their work; and to minimize the damage that might result from security breaches and/or malfunctions of controls.
• Environmental and Physical Security: The objectives are broadly the same as those for personnel security, but in the context of the environmental and physical security of the organization's information assets.
• Operations and Communications Management: The objectives include ensuring secure operations at information processing facilities; minimizing system failures and downtime; ensuring the reliability, integrity and availability of software, information processing and communications networks; protecting business assets from damage; and protecting information by preventing its loss.
• Control of Access: The objectives of this section are to control access; to prevent unauthorized persons from accessing information; to protect networks; to protect computer access; to detect unauthorized and suspicious activities; and to enforce security for remote access.
• Development and Maintenance of Systems: This section sets out policies for minimizing system downtime and for regular maintenance, including data backup.
• Management of Business Continuity: The objectives of this section are to ensure uninterrupted business activities and to protect business-critical processes from major disasters or failures through the use of backup and redundancy policies.
• Compliance: This section aims at implementing standards and monitoring compliance, all within the legal and statutory framework, and finally at minimizing interference from the audit process.