Network Encryption from CipherOptics
ISO 17799 Compliance

ISO/IEC 17799 is an information security standard published, and most recently revised in 2005, by the International Organization for Standardization and the International Electrotechnical Commission. The current standard (ISO/IEC 17799:2005) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. It is a voluntary international standard that has achieved worldwide recognition and acceptance as a best practice for information security and regulatory compliance. ISO 17799 explicitly embraces encryption solutions.

How does CipherOptics help?
CipherOptics CipherEngine enables Secure Information Sharing, which assures the confidentiality, authenticity, and integrity of data in motion on any network. Our approach to protecting both your network and your data is to deny access to everyone and permit by exception. With that as our driving force, our solutions provide you with both encryption and authentication of all your critical information. We use 256-bit AES encryption, which is approved by the government for "sensitive but unclassified" information; our solutions authenticate networks and packets as well as protect data. They use the robust secure hash algorithm (SHA-1) to verify the integrity of the data, rejecting any packets that have been manipulated or altered. ISO 17799 examination requirements also call for a key management system. The CipherOptics CipherEngine Policy & Key Manager offers a first-of-its-kind network overlay for the generation and distribution of policies and keys for encryption, authentication, and access control. CipherEngine Policy & Key Manager not only provides key management, it also offers the scalability needed for a comprehensive data protection solution that complies with ISO 17799. Network-wide data protection is an important part of best practices, both for keeping sensitive data confidential and for complying with ISO 17799. CipherOptics Secure Information Sharing solutions provide a reliable and proven method of meeting the ISO 17799 requirements for data confidentiality, integrity, and authentication.

What does CipherOptics do?
CipherOptics is the leader in network-wide encryption. Offering an innovative policy and key management solution, coupled with high-speed, low-latency encryption technology, CipherOptics helps its customers mitigate the risk of data leakage, loss, and theft over any network.

Who is affected by ISO 17799?
In the wake of ever-growing information security regulations, enterprises are seeking an overarching framework for compliance. Enterprises in healthcare, finance, education, retail, and many other industries are subject to multiple regulatory mandates. Many of these regulations contain common control objectives.

A number of enterprises have chosen to use ISO 17799 as their governing framework for information security regulatory compliance. Those companies and organizations electing to follow this voluntary standard must comply with it.

What are the requirements of ISO 17799?
ISO 17799 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities. Organizations that have elected to use the standard as their governing framework must address twelve security domains. ISO 17799 contains best practices of control objectives and controls in the following areas of information security management:
Risk assessment and treatment
Security policy
Organization of information security
Asset management
Human resources security
Physical and environmental security
Communications and operations management
Access control
Information systems acquisition, development, and maintenance
Information security incident management
Business continuity management
Compliance
The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO 17799 Section A.10.3 (System Development and Maintenance - Cryptographic Control) requires a policy on the use of cryptographic controls, the use of encryption and digital signatures to protect critical information, and an encryption key management system:
A policy on the use of cryptographic controls for the protection of information shall be developed. (Sec. A.10.3.1)
Encryption shall be applied to protect the confidentiality of sensitive or critical information. (Sec. A.10.3.2)
Digital signatures shall be applied to protect the authenticity and integrity of electronic information. (Sec. A.10.3.3)
A key management system based on an agreed set of standards, procedures, and methods shall be used to support the use of cryptographic techniques. (Sec. A.10.3.5)
What are the penalties for ISO 17799 non-compliance?
Compliance with the ISO 17799 standard is elective, so there is no penalty for non-compliance. But compliance can result in ISO 17799 certification, and perhaps more importantly, it puts the enterprise on solid ground for compliance with the growing number of information security regulations it faces.

How do institutions comply with ISO 17799?
The following steps are necessary for ISO 17799 compliance and certification. An enterprise evaluates its existing infrastructure and practices. A report is drafted with the relevant processes that need to be addressed. Once the needed changes have been completed, a certified ISO 17799 compliance evaluator completes the process by evaluating the business and then awarding ISO 17799 compliance.

Regarding data security, the ISO 17799 standard mandates solutions that guarantee data confidentiality, authenticity, and integrity as well as key management (Sec. A.10.3).

Helpful Resources
ISO/IEC 17799:2005 Information