Import your blogger posts and comments now. Great!

October 19, 2005

It’s great news to find that wordpress.com has provided an “import” function so that you can import your posts and comments from blogspot.com into wordpress.com. It will be a great move to lock in wordpress.com users. It does work! Really.


BS7799, ISO17799, ISO27000 Series

October 19, 2005

Referring to the post by Calvin at the 17799.com forum, the following information about BS7799 and related standards is summarized “as is”:

  • ISO27001 is to be the replacement for BS7799-2 by the end of 2005
  • ISO 17799:2005 will be renamed in 2006 or 2007 as ISO/IEC 27002

A new standard for BS7799 series:

  • “BS 7799-3:2005 – Information security management systems – Guidelines for information security risk management” is a new British Standard due for release in December 2005

The new ISO27000 series will have five parts:

  • ISO 27000 will formally define the specific technical vocabulary used in these standards;
  • ISO 27001 will be the ISO version of BS 7799-2, the certification standard (due for full release in November 2005, already available as a final draft);
  • ISO 27002 will be the renamed and updated version of ISO 17799:2005 (to be released in 2006 or 2007);
  • ISO 27003 will contain guidance for those implementing the ISO 27000-series standards;
  • ISO 27004 will be a new Information Security Management Metrics and Measurement standard to help measure the effectiveness of information security management system implementations (currently in draft);
  • ISO 27005 will be the ISO version of BS 7799-3

ISO 27001 Published Today

October 19, 2005

From “comp.security.misc”, by Sue Thomas:

ISO 27001 has, after months in final draft, finally been published as an official ISO standard.

This particular standard defines an ‘Information Security Management System’ (commonly known as an ISMS), and complements the existing ISO 17799 standard. It basically specifies a best practice framework for the design and maintenance of information security processes within an organization.

The two standards are closely aligned and interlinked, but have very distinct roles:

ISO 17799
This lists many hundreds of individual and detailed security controls, which may be selected as part of the security management system.

ISO 27001
This specifies the overall requirements for the security management system itself. It is this document, as opposed to 17799, against which a certification route is offered. ISO 27001, which was built upon an earlier version of BS7799, has also been made more compatible with other management standards.

THE GLOBAL IMPACT
The publication of the new standard is likely to herald a rapid increase in interest in both information security generally and certification specifically. Organizations already certified via BS7799-2 will take a transitional route, whereas the international status of the new standard is certain to have an impact on the numbers following the certification or compliance route.

This has already started to manifest itself in terms of the record number of pre-orders for the new standard, and the recent membership increases of the Online ISO 17799 User Group (located at http://www.17799.com).

OFFICIAL SOURCES
The new standard can be obtained via: StandardsDirect (BSI): http://17799.standardsdirect.org

It will also be available via SNV shortly from the following page: Standards Online:
http://www.standards-online.net/InformationSecurityStandard.htm

Finally, the support kit for the standard has also been updated to reflect today’s changes: http://www.17799-toolkit.com

FURTHER INFORMATION
Additional information on both these standards can be obtained from the ISO 17799 News website at:
http://17799-news.the-hamster.com