Besides the Common Criteria (ISO/IEC 15408:1999), another internationally accepted and recognized standard is BS 7799, published by the British Standards Institution (BSI).
The basic difference between BS 7799-1 (Code of practice for Information Security Management) and earlier IT security recommendations is that it derives security requirements and measures from the organization's business goals and strategy. The earlier, mainly product-oriented approach, which centred on defining evaluation, certification and qualification processes, is replaced by one that focuses on managing IT security at the organizational level. Rather than prescribing specific technical requirements, BS 7799 sets out the organizational and regulatory aspects that a full-scope IT security programme must address, much as ISO 9000 does in the field of quality assurance. (BS 7799-1 was later adopted as ISO/IEC 17799 and subsequently renumbered ISO/IEC 27002; its companion BS 7799-2, which specifies the management system itself, became ISO/IEC 27001.)