CAMBRIDGE, Mass. – In a new report, “Revised ISO 17799 Boosts Information Security Management Relevance,” Forrester explains the evolution of the latest ISO/IEC 17799:2005 standard and emphasizes that it is not a catch-all, but a framework.

The second version of ISO/IEC 17799 (the 2005 version) “provides a strong and expanded framework for information security management. However it is just a framework – it gives organization guidance about scope and breadth, but it does not provide the depth of a strong information security program,” the report states.

BS7799 actually became an ISO standard in 2000, but it received strong scrutiny from large countries and, although it passed, went into a five-year revision process after the first version was accepted, the report states.

In Forrester’s eyes, the latest 2005 version fixed some of the earlier version’s weaknesses. The report notes that the guidance is now more “actionable” and “relevant” to today’s focus on regulatory compliance. “The revised version gives more detailed guidance on risk assessment, breaks risk assessment into its own section, and references other ISO risk assessment standards.” It also includes a new section on incident management that details the reporting of information security events and weaknesses, management of security incidents, etc. ISO 17799 also integrates other ISO standards that focus on security, whereas the earlier version was an “island unto itself,” as the report writer put it.

The report concludes that ISO/IEC 17799:2005 is the best choice for firms looking to build an information security program because of its comprehensiveness and the fact that it is the most widely understood and adopted framework. However, the report emphasizes that it is just a framework. “Consider 17799:2005 as the framing of a house – with it, you can see what the house looks like along with the rooms, but it is up to you to put in the drywall, carpeting, plumbing and woodwork.”

Copyright © 2022 ALM Global, LLC. All Rights Reserved.