ISO 17799 Compliance
ISO/IEC 17799 is an information security standard published and most recently revised in 2005. The current standard (ISO/IEC 17799:2005) establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. It is a voluntary international standard that has achieved worldwide recognition and acceptance as a best practice for information security and regulatory compliance.
A number of enterprises have chosen to use ISO 17799 as their governing framework for information security regulatory compliance. Although ISO 17799 is voluntary, companies and organizations that elect to follow the standard must comply with it.
ISO 17799 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities. Organizations that have elected to use the standard as their governing framework must address twelve security domains. ISO 17799 contains best-practice control objectives and controls in the following areas of information security management:
- Risk assessment and treatment
- Security policy
- Organization of information security
- Asset management
- Human resources security
- Physical and environmental security
- Communications and operations management
- Access control
- Information systems acquisition, development, and maintenance
- Information security incident management
- Business continuity management
- Compliance
The objectives outlined provide general guidance on the commonly accepted goals of information security management.
ISO 17799 Section A.10.3 (System Development and Maintenance - Cryptographic Control) requires a policy on the use of cryptographic controls, the use of encryption and digital signatures to protect critical information, and an encryption key management system:
A policy on the use of cryptographic controls for the protection of information shall be developed. (Sec. A.10.3.1)
Encryption shall be applied to protect the confidentiality of sensitive or critical information. (Sec. A.10.3.2)
Digital signatures shall be applied to protect the authenticity and integrity of electronic information. (Sec. A.10.3.3)
A key management system based on an agreed set of standards, procedures, and methods shall be used to support the use of cryptographic techniques. (Sec. A.10.3.5)
Regarding data security, the ISO 17799 standard mandates solutions that guarantee data confidentiality, authenticity and integrity, as well as key management (Sec. A.10.3).
To qualify for ISO 17799 certification, an enterprise first must evaluate its existing infrastructure and practices. A report is then drafted with the relevant processes that need to be addressed. Once the needed changes have been completed, a certified ISO 17799 compliance evaluator completes the process by evaluating the business and then awarding ISO 17799 compliance if the requirements have been met.
The ISO 17799 standard is elective, so there is no penalty for non-compliance. However, companies that choose to comply with the standard receive ISO 17799 certification. Perhaps more importantly, ISO 17799 puts companies on solid ground for compliance with the growing number of mandatory information security regulations.
When you need to encrypt your data in motion, CipherOptics makes it easy. Whether you need to protect a single link, or your entire network, we eliminate the complexity of encrypting today's networks.
Our solutions combine standards-based, wire-speed encryption appliances with CipherEngine, the only policy definition and key distribution technology designed for multi-node networks. Together, they give you the highest level of data protection at the lowest total cost. CipherEngine gives you the power to protect data in motion wherever, however and whenever you want, without changes or disruptions to your network, your infrastructure, or your operations.
To see just how easy it can be to comply with the ISO 17799, call 1-877-878-6655 or feel free to ask us a question.