ISO 17799: "Best Practices" in Information Security Management?

To protect the information assets of organizations, many different standards and guidelines have been proposed. Among them, International standard ISO 17799 is one of the most prominent international efforts on information security. This standard provides both an authoritative statement on informati...

Full description

Saved in:
Bibliographic Details
Published inCommunications of the Association for Information Systems Vol. 15; p. 32
Main Authors Ma, Qingxiong, Pearson, J. Michael
Format Journal Article
LanguageEnglish
Published Atlanta Association for Information Systems 2005
Subjects
Best practice
Information management
Organizations
Security
Security management
Online AccessGet full text

Cover

More Information
Summary:To protect the information assets of organizations, many different standards and guidelines have been proposed. Among them, International standard ISO 17799 is one of the most prominent international efforts on information security. This standard provides both an authoritative statement on information security and the procedures to be adopted by organizations to ensure information security. Security professionals claim ISO 17799 to be a suitable model for information security management and an appropriate vehicle for addressing information security management issues in the modern organization. However, to our knowledge, no empirical studies have been conducted to validate this standard. Based on a survey of information security professionals, we found that ISO 17799 is comprehensive, but not parsimonious.
ISSN:1529-3181
1529-3181
DOI:10.17705/1CAIS.01532