BS7799-3 Security Risk Management Standard Released Today

The new BS IS security standard, BS7799-3 has been published this
morning. This is officially titled "Guidelines for Information Security
Risk Management", and is deigned to support the general ISMS standard,
ISO 27001, and the code of practice, ISO 17799, which were
published/updated last year.

Whilst ISO27001 covers all aspects of an ISMS, BS7799-3 focuses upon
risk specifically, including:
- assessment/eval of risks
- implementation of controls to address them
- review & monitoring
- maintenance/improvement of the overall control system.

The document is organized as follows:
1. Scope
2. Normative references
3. Terms + definitions
4. IS risks in the organizations context
5. Risk assessment
6. Risk treatment and management decision making
7. Ongoing risk management


The new standard is now available for the main BSI store, 'Standards
Direct':
http://17799.standardsdirect.org/bs7799.htm

Or as part of a special edition of the ISO 17799 Toolkit:
http://www.27005.net


For further information on BS7799, the following references sites may
assist:
http://www.thewindow.to/bs7799/
http://www.17799.com


I hope this is of interest.



Sue
The ISO 17799 Newsletter
http://17799-news.the-hamster.com