Information security management (3): the Code of Practice for Information Security Management (BS 7799)

Information security has become very important in most organizations. An acceptable level of information security can only be introduced and maintained if the correct set of security controls, both procedural and technical, is identified, implemented and maintained. The process of identifying the most effective set of security controls can be a very complicated, resource‐intensive process. A number of large British companies have joined forces to establish a Code of Practice for Information Security Management. This document provides guidelines to any organization to identify and introduce a set of controls that will provide an acceptable level of protection to the information resources. This paper briefly discusses the BS 7799 British standard.