International Organization for Stan

International Organization for Standardization
Other influential international bodies, the International Organization for Standardization
(ISO) and the International Electrotechnical Commission (IEC), published ISO/IEC
17799:2005 [3]. These standards establish guidelines and general principles for initiating,
implementing, maintaining, and improving information security management in an
organization. The objectives outlined provide general guidance on the commonly accepted
goals of information security management. The standards consist of best practices of control
objectives and controls in the areas of information security management shown in Figure 3.2.
These objectives and controls are intended to be implemented to meet the requirements
identified by a risk assessment.
Other Organizations Involved in Standards
Other organizations that are involved in information security management include The
Internet Society [4] and the Information Security Forum [5]. These professional societies
have members in the thousands. The Internet Society is the organization home for the
groups responsible for Internet infrastructure standards, including the Internet Engineering
Task Force (IETF) and the Internet Architecture Board (IAB). The Information Security
Forum is a global nonprofit organization of several hundred leading organizations in financial
services, manufacturing, telecommunications, consumer goods, government, and other
areas. It provides research into best practices and advice, summarized in its biannual
Standard of Good Practice, which incorporates detailed specifications across many areas.
2. Information Technology Security Aspects
The various aspects to IT security in an organization thatmust be considered include the following:
• Security policies and procedures
• Security organization structure