Customer Support: +44 (0)203 327 3140

Login to i2i Subscription Intertek.com
  • There are no items in your cart
We noticed you’re not on the correct regional site. Switch to our AMERICAS site for the best experience.
Go to AMERICAS site
Dismiss alert
Please enter a keyword to search
Advanced search

AS/NZS 7799.2:2000

Superseded
Superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

View Superseded by
superseded

A superseded Standard is one, which is fully replaced by another Standard, which is a new edition of the same Standard.

Information security management Specification for information security management systems
Available format(s)

Hardcopy , PDF 1 User , PDF 3 Users , PDF 5 Users , PDF 9 Users

Superseded date

31-01-2024

Language(s)

English

Published date

31-03-2000

Publisher

Standards Australia


This Standard forms the basis for an assessment of the information security management system (ISMS) of the whole, or part, of an organization. It may be used as a basis for a formal certification scheme.

This Standard should be read in conjunction with AS/NZSISO/IEC 17799:2001, Information technology - Code of practice forinformation security management, which provides guidance on best practice insupport of the requirements of this Standard.

Application
Information is a vital asset in any organization.The protection and security of information is of prime importance to manyaspects of an organization's business. It is therefore important that anorganization implements a suitable set of controls and procedures to achieveinformation security and manages them to retain that level of security once itis achieved.

This Standard is intended for use by managers andemployees who are responsible for initiating, implementing and maintaininginformation security within their organization and it may be considered as abasis for developing organizational security standards.

With increasing electronic networking betweenorganizations there is a clear benefit in having a common reference document forinformation security management. It enables mutual trust to be establishedbetween networked information systems and trading partners and provides a basisfor the management of these systems between users and service providers.

A comprehensive set of controls comprising the bestinformation security practices currently in use is provided in this Standard.This guidance is intended to be as comprehensive as possible. It is intended toserve as a single reference point for identifying the range of controls neededfor most situations where information systems are used in industry and commerceand can therefore be applied by large, medium and small organizations.

Not all the controls will be relevant to every situation.Organizations need to undertake a risk assessment to identify the mostappropriate control objectives and controls to be implemented which areapplicable to their own needs. Once identified, these need to be recorded in astatement of applicability

The control objectives and controls recorded in thestatement of applicability, together with the policy and procedure documents andall other relevant records, are known as the organization's ISMS.

1 - AS/NZS 7799.2:2000 INFORMATION SECURITY MANAGEMENT - SPECIFICATION FOR INFORMATION SECURITY MANAGEMENT SYSTEMS
5 - Preface
7 - Contents
9 - 1 Scope
10 - 2 Terms and definitions
10 - 2.1 Statement of applicability
11 - 3 Information security management system requirements
11 - 3.1 General
11 - 3.2 Establishing a management framework
12 - 3.3 Implementation
12 - 3.4 Documentation
12 - 3.5 Document control
13 - 3.6 Records
14 - 4 Detailed controls
14 - 4.1 Security policy
14 - 4.1.1 Information security policy
14 - 4.2 Security organization
14 - 4.2.1 Information security infrastructure
15 - 4.2.2 Security of third party access
15 - 4.2.3 Outsourcing
16 - 4.3 Asset classification and control
16 - 4.3.1 Accountability for assets
16 - 4.3.2 Information classification
16 - 4.4 Personnel security
16 - 4.4.1 Security in job definition and resourcing
17 - 4.4.2 User training
17 - 4.4.3 Responding to security incidents and malfunctions
18 - 4.5 Physical and environmental security
18 - 4.5.1 Secure areas
18 - 4.5.2 Equipment security
19 - 4.5.3 General controls
19 - 4.6 Communications and operations management
19 - 4.6.1 Operational procedures and responsibilities
20 - 4.6.2 System planning and acceptance
20 - 4.6.3 Protection against malicious software
20 - 4.6.4 Housekeeping
20 - 4.6.5 Network management
21 - 4.6.6 Media handling and security
21 - 4.6.7 Exchanges of information and software
22 - 4.7 Access control
22 - 4.7.1 Business requirement for access control
22 - 4.7.2 User access management
22 - 4.7.3 User responsibilities
23 - 4.7.4 Network access control
24 - 4.7.5 Operating system access control
24 - 4.7.6 Application access control
25 - 4.7.7 Monitoring system access and use
25 - 4.7.8 Mobile computing and teleworking
26 - 4.8 Systems development and maintenance
26 - 4.8.1 Security requirements of systems
26 - 4.8.2 Security in application systems
26 - 4.8.3 Cryptographic controls
27 - 4.8.4 Security of system files
27 - 4.8.5 Security in development and support processes
28 - 4.9 Business continuity management
28 - 4.9.1 Aspects of business continuity management
28 - 4.10 Compliance
28 - 4.10.1 Compliance with legal requirements
29 - 4.10.2 Review of security policy and technical compliance
30 - 4.10.3 System audit consideration

This Standard specifies requirements for establishing, implementing and documenting information security management systems (ISMSs).

This Standard specifies requirements for establishing, implementing and documenting information security management systems (ISMSs). It specifies requirements for security controls to be implemented according to the needs of individual organizations.NOTE: AS/NZS ISO/IEC 17799 gives recommendations for best practice in support of the requirements of this specification. The control objectives and controls given in Clause 4 of this Standard are derived from and aligned with the objectives and controls listed in AS/NZS ISO/IEC 17799.

Committee
IT-012
DocumentType
Standard
Pages
0
PublisherName
Standards Australia
Status
Superseded
SupersededBy
Supersedes
UnderRevision

Standards Relationship
BS 7799-2:1999 Identical

Redesignated from AS/NZS 4444.2:2000 on 15 August 2001Under Revision see DR 02470 CP First published as AS/NZS 4444:1996.Revised and redesignated in part as AS/NZS 4444.2:2000.

AS 5017-2002 Health Care Client Identification

View more information
£46.30
Excluding VAT
GBP
CAD
CHF
CNY
DKK
EUR
GBP
HKD
IDR
INR
JPY
KRW
MXN
NOK
NZD
SEK
SGD
USD
ZAR
Hardcopy - English
PDF 1 User - English
PDF 3 Users - English
PDF 5 Users - English
PDF 9 Users - English
01
02
03
04
05
06
07
08
09
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50

Access your standards online with a subscription

Features

  • Simple online access to standards, technical information and regulations.

  • Critical updates of standards and customisable alerts and notifications.

  • Multi-user online standards collection: secure, flexible and cost effective.

Learn more on subscription solutions

or

Get in touch with us