BS7799, ISO17799, ISO27000 Series

Based on a forum post by Calvin, the following information about BS7799 and related standards is summarized “as is”:

  • ISO27001 is to be the replacement for BS7799-2 by the end of year 2005
  • ISO 17799:2005 will be renamed in year 2006 or 2007 as ISO/IEC 27002

A new standard for BS7799 series:

  • “BS 7799-3:2005 – Information security management systems – Guidelines for information security risk management” is a new British Standard due for release in December 2005

The new ISO27000 series will have five parts:

  • ISO 27000 will formally define the specific technical vocabulary used in these standards;
  • ISO 27001 will be the ISO version of BS 7799-2, the certification standard (due for full release in November 2005, already available as a final draft);
  • ISO 27002 will be the renamed and updated version of ISO 17799:2005 (to be released in 2006 or 2007);
  • ISO 27003 will contain guidance for those implementing the ISO 27000-series standards;
  • ISO 27004 will be a new Information Security Management Metrics and Measurement standard to help measure the effectiveness of information security management system implementations (currently in draft);
  • ISO 27005 will be the ISO version of BS 7799-3

3 Responses to BS7799, ISO17799, ISO27000 Series

  1. Why says:

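    Judging from how the latest ISO standard series is being written, it includes: vocabulary, standards, implementation guidance, measurement and evaluation guidance, certification, and so on.

    This is probably the development trend for future ISO standard series, and to some extent it makes them easier to carry out and implement.

    Thanks to zhaol for providing the valuable information. You are great!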

  2. zhaol says:


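    1. ISO 27000 defines the technical terms used in the series of standards
    2. ISO 27001 is the ISO version of BS 7799-2, the standard used for certification
    3. ISO 27002 will be the renamed and reissued ISO17799:2005, i.e. BS 7799-1 (to be released around 2006 or 2007);
    4. ISO 27003 will set out implementation guidance for the ISO 27000 series standards
    5. ISO 27004 will set out the metrics and measurement standards for the effectiveness of information security management system (ISMS) implementations;
    6. ISO 27005 will be the ISO version of BS 7799-3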
  3. zhaol says:


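    • 9 controls removed
    • 17 new controls added
    • One new section added, A13: Information security incident management
    • Some controls regrouped so that their relationships are more logical and easier to apply
    • The descriptions of some controls revised/refined to better match real-world situations and be easier to understand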