Security management is the set of functions that protects an organization, its property, staff, telecommunications networks and systems from unauthorized access by persons, acts, or influences. It includes many subfunctions, such as creating, deleting, and controlling security services and mechanisms; distributing security-relevant information; reporting security-relevant events; controlling the distribution of cryptographic keying material; and authorizing subscriber access, rights, and privileges.
ISO/IEC 17799:2000 is a set of controls and best practices that provides information for implementing information security within an organization. It can be seen as a basis for developing security standards and management practices within an organization to improve the reliability of information security and the security of inter-organizational relationships.
The standard was originally issued in two parts during 1999:
ISO 17799 was published in 2000 and updated in June 2005; the original BS 7799 was revised and reissued in September 2002.
ISO 17799 is a detailed security standard organized into ten major sections,
each covering a different topic and set of objectives. Within each section are
the detailed statements that comprise the standard. Below is a list of the
topics detailed in the standard: