Information Security Standards
(Page 1 of 4)
If you deal with information security systems, either as a seller or as a purchaser, you need to be aware of information security standards. This article explains what they are, why they are important, and walks you through the best-known information security standards in the field.
What are they and why do they matter?
Anyone responsible for designing or implementing information security systems knows that it can sometimes be difficult to demonstrate the effectiveness of their solutions, either to their organization's decision makers, or to its clients. Decision makers need to know that the budgets they assign are being directed at worthwhile targets, while clients demand the sense of confidence that comes with knowing their sensitive data and confidential details are in safe hands.
While an unblemished security record is important, it will only go so far in fulfilling this requirement. After all, it only takes one breach to knock a hole in that record. And how does a new organization with no history to speak of show that it takes security seriously?
This is where information security standards come in. Just like quality control standards for other industrial processes such as manufacturing and customer service, information security standards demonstrate in a methodical and certifiable manner that an organization conforms to industry best practices and procedures.
There are currently three primary standards in place governing information security. There are slight differences of emphasis between them, but all three address the same primary requirement: to codify a quality-controlled approach. First among equals is the ISO/IEC 27000 series of standards. Bearing the internationally prestigious names of the International Organization for Standardization and the International Electrotechnical Commission, this is the most recognizable standard. Secondly, there is the NIST SP 800 series of publications, overseen by the National Institute of Standards and Technology. And finally there is the Information Security Forum's Standard of Good Practice for Information Security.
More By Bruce Coker