How many IT managers tasked with planning a network security strategy know where to begin? Fortunately, this problem has been tackled extensively and there is some very good guidance available, so there is no need to reinvent the wheel. One of the best documents on the subject is the British Standard `Code of Practice for Information Security Management` (BS7799).
BS7799 is a practical guide for managing your information security and was compiled by a group of leading companies including: British Oxygen Company, BT, Marks and Spencer, Midland Bank, Nationwide Building Society, Shell and Unilever.
Why do we need a standard?
- The code was developed in response to demand from industry and commerce to combat a variety of threats, for example physical disaster, fraud and industrial espionage. The code is a valuable practical tool.
- The standard provides a more rigorous basis for the management of security in an open environment, particularly in relation to electronic trade
- The standard is essential in ensuring the security of a network shared with your business partners, suppliers or customers
How does it work?
Information security management protects assets in three ways:
- Confidentiality - protecting information from unauthorised disclosure
- Integrity - safeguarding the accuracy and completeness of information
- Availability - ensuring information is available when required
The standard sets out not just what the problems are, but how to solve them.
How is it implemented?
- The code describes about 100 individual security controls under 10 major security headings
- You can identify the controls appropriate to your particular business or specific area of responsibility
- Effective security measures and secure operating procedures as practised by the leading companies are set out in detail in the Code of Practice (CoP)
- The complete range of security issues is covered, from policy to compliance, including legal and contractual requirements