|
BS7799 Part 1: Sections 6 to 10:
6. Personnel Security
The objectives of this section are:
To reduce risks of human error, theft, fraud or misuse of facilities; to ensure that users are aware of information security threats and concerns, and are equipped to support the corporate security policy in the course of their normal work; to minimise the damage from security incidents and malfunctions and learn from such incidents.
7. Security Organisation
The objectives of this section are:
1) To manage information security within the Company;
2) To maintain the security of organizational information processing facilities and information assets accessed by third parties.
3) To maintain the security of information when the responsibility for information processing has been outsourced to another organization.
8. Computer & Network Management
The objectives of this section are:
1) To ensure the correct and secure operation of information processing facilities;
2) To minimise the risk of systems failures;
3) To protect the integrity of software and information;
4) To maintain the integrity and availability of information processing and communication;
5) To ensure the safeguarding of information in networks and the protection of the supporting infrastructure;
6) To prevent damage to assets and interruptions to business activities;
7) To prevent loss, modification or misuse of information exchanged between organizations.
9. Asset Classification and Control
The objectives of this section are: To maintain appropriate protection of corporate assets and to ensure that information assets receive an appropriate level of protection.
10. Security Policy
The objectives of this section are: To provide management direction and support for information security.
Within each section are the detailed statements that comprise the standard.
The BSI
BS7799 Online Shop
Also ISO17799.NET
Return to first page
Copyright © 2002 C & A Systems Security Ltd
Other Standards: Orange Book
| 
