BS7799 ISO 17799 Security Policies Software
Callio Technologies offers ISO17799 / BS7799-2 compliance tools as well as expertise in:
risk and gap analysis; developing codes of practice and information security management systems;
drafting security policies based on the ISO 17799 / BS7799 standard; security audits;
contingency plans; consultation and training in computer risk management.
Our first products, Callio Secura 17799, Callio Toolkit Pro and Callio Toolkit
are software that help companies comply with the BS7799 / ISO IEC 17799 information security management standard.
Based on BS7799-2 methodology, Callio Secura 17799 offers a complete set of functionalities
to help companies with risk assessment, risk management and document management for BS 7799-2 / ISO17799.
Technological solutions, equipment and products are no longer enough to ensure information security management.
Now it's imperative that companies possess effective internal controls on what happens to their information.
The solution: BS 7799 / ISO17799.
Callio Secura and Callio Toolkit: BS 7799-2 / ISO17799 compliance software, for better
management of your information security.
Callio Technologies ISO17799 / BS7799
Callio Technologies was created in 2001
and specializes in the field of information security. Its first product, Callio Secura 17799, is software
that offers companies the opportunity to comply with the BS 7799 / ISO 17799 information security management standards.
Callio Technologies’ areas of expertise are: risk analysis; developing security codes of practice and information
security management systems; drafting security policies based on BS 7799 / ISO 17799; security audits; contingency plans;
and training in computer risk management.
Our mission: enable companies to assess, manage and reduce their computer risks. We provide software and
other tools that give you decision-making power supported by complete risk analysis.
BS7799 / ISO17799 Products and Services
Callio Secura 17799, our first product,
is a Web application that includes all a manager needs to develop, implement, manage and certify an
Information Security Management System (ISMS) based on the ISO 17799 / BS 7799-2 standard
– the best for information security management available today. With Callio Secura 17799,
you apply a practical method of developing, implementing, managing and certifying an Information Security Management System.
Software solutions for BS7799 / ISO 17799
The Callio Secura 17799 software tool is based on the BS 7799 / ISO 17799 international
information security standard. The BS7799 / ISO17799 standard defines the requirements related
to information security management systems. Its purpose is to enable companies to identify, treat and limit
threats to informational assets.
What is BS7799 / ISO 17799?
The BS7799 / ISO 17799 standard was developed to create a common information security
structure and cover technical, administrative and legal aspects. Through ten check points, this standard lists
the best practices and procedures companies must implement to manage their computer security well. The implementation
of the principles laid out in BS 7799 / ISO 17799 makes it possible to detect, analyze and reduce information risks.
The BS7799 / ISO17799 standard contains two parts:
• ISO IEC 17799 Part 1: Code of practice for information security management
• BS7799 Part 2 (BS7799-2): Information security management systems: Specification with guidance for use.
ISO/IEC 17799 (Part 1)
The international standard ISO/IEC 17799 was developed by the British Standards Institution
(BSI) as BS 7799. It was adopted through a special “fast track procedure” by the JTC 1
(Joint ISO/IEC Technical Committee), concurrently with its approval by the national member institutes of ISO and the IEC.
ISO/IEC 17799 is presented in the form of guidelines and recommendations that were assembled following
consultations with big business. The 36 security objectives and 127 security controls contained in ISO/IEC 17799
are divided among ten domains. The following is a brief overview of each of these domains:
1. Security Policy – Provide guidelines and management advice for improving information security.
2. Organizational Security – Facilitate information security management within the organization.
3. Asset Classification and Control – Carry out an inventory of assets and protect these assets effectively.
4. Personnel Security – Minimize the risks of human error, theft, fraud or the abusive use of equipment.
5. Physical and Environmental Security – Prevent the violation, deterioration or disruption of industrial facilities and data.
6. Communications and Operations Management – Ensure the adequate and reliable operation of information processing devices.
7. Access Control – Control access to information.
8. Systems Development and Maintenance – Ensure that security is incorporated into information systems.
9. Business Continuity Management – Minimize the impact of business interruptions and protect the company’s essential processes from failure and major disasters.
10. Compliance – Avoid any breach of criminal or civil law, of statutory or contractual requirements, and of security requirements.
BS 7799-2 (Part 2)
BS 7799-2 specifies the requirements for information security management. Covering the ten domains and 127
controls of the ISO 17799 standard, this document applies to the development, implementation
and maintenance stages of an information security management system. Organizations applying for certification
are evaluated against this document.
An organization that bases its ISMS on the provisions in BS 7799 can obtain certification from
an accredited body. The organization thereby demonstrates to its partners that its system both complies with
the standard and answers the need for security measures as determined by its own requirements.
It is important to understand that an organization that obtains certification is considered ISO 17799
compliant and BS7799-2 certified.
BS 7799 Part 2 provides recommendations for establishing an efficient information security
management framework. BS 7799-2 allows the development of an Information Security Management System (ISMS).
The development and implementation stages are laid out in detail, as well as those regarding maintenance.
At audit time this document serves as the assessment guide for certification.
BS7799 phase 1: Project Initiation: Learn how to get the ISO 17799 implementation project
under way: encourage commitment from senior management, choose and train all members of the initial team
taking part in the project.
BS7799 phase 2: ISMS Definition: Identifying the scope and limits of the information security
management framework is crucial to the project. Learn to define the mandate of the ISMS and to assemble
the organization's existing security documents.
BS7799 phase 3: Risk Assessment: Learn why risk assessment is basic to the implementation of an
information security management framework.
1) Diagnosis of the level of compliance with ISO 17799
2) Evaluation of the assets to be protected and creation of an assets inventory
3) Identification and evaluation of threats and vulnerabilities
4) Calculation of the associated risk value.
BS7799 phase 4: Risk Treatment: Learn to identify and assess available options for treating risk.
Learn how to reduce risk to an acceptable level by selecting and implementing controls.
BS7799 phase 5: Training and Awareness: Employees may represent a weak link in the security chain.
Learn how to set up an information security awareness program.
BS7799 phase 6: Audit Preparation: Learn how to authenticate your management framework and to prepare
for the visit of an internal auditor for BS 7799-2 certification.
BS7799 phase 7: Audit: Learn more about the steps carried out by external auditors and about BS 7799-2
accredited certification bodies.
BS7799 phase 8: Control and Continual Improvement: Learn how to improve the effectiveness of your
ISMS in accordance with the management model recognized by ISO.
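The risk assessment of phase 3 (asset inventory, threat and vulnerability identification, risk value calculation) and the risk treatment of phase 4 (selecting controls until the risk is acceptable), as a worked example added here. This is illustrative code, not code from Callio Secura 17799 or Callio Technologies: the 1–5 scoring scales, the multiplicative risk formula, the acceptable-risk threshold, the sample assets, threats and vulnerabilities, and the control catalogue are all constructed assumptions; the control references only reuse the domain numbers from the ISO/IEC 17799 list above.

```python
"""Worked risk assessment and treatment in the spirit of BS 7799-2 phases 3 and 4.
Illustration added to this page, not code from Callio Secura 17799: the 1-5 scales,
the multiplicative risk formula, the threshold, the sample assets, threats,
vulnerabilities and the control catalogue are all constructed. Control refs name
the ISO/IEC 17799 domain numbers listed on the page."""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Tuple


@dataclass(frozen=True)
class Asset:
    name: str
    value: int  # 1 (negligible) .. 5 (critical); constructed scale


@dataclass
class Scenario:
    """One risk-register entry: a threat exploiting a vulnerability of an asset."""
    asset: Asset
    threat: str
    vulnerability: str
    likelihood: int  # 1 (rare) .. 5 (frequent); constructed scale
    severity: int    # 1 (hard to exploit) .. 5 (trivial); constructed scale
    applied: List[str] = field(default_factory=list)  # controls chosen in phase 4


@dataclass(frozen=True)
class Control:
    ref: str                   # ISO/IEC 17799 domain, e.g. "domain 7" = Access Control
    name: str
    addresses: FrozenSet[str]  # vulnerabilities this control mitigates
    cuts_likelihood: int       # points removed from likelihood when applied
    cuts_severity: int         # points removed from severity when applied


def risk_value(s: Scenario) -> int:
    """Phase 3, step 4: risk = asset value x threat likelihood x vulnerability severity."""
    return s.asset.value * s.likelihood * s.severity


def ranked_register(scenarios: List[Scenario]) -> List[Tuple[int, Scenario]]:
    """Phase 3 output: the register ordered from highest to lowest risk value."""
    return sorted(((risk_value(s), s) for s in scenarios), key=lambda t: t[0], reverse=True)


def value_after(s: Scenario, c: Control) -> int:
    """Risk value the scenario would have once control c is applied (scores floor at 1)."""
    return (s.asset.value * max(1, s.likelihood - c.cuts_likelihood)
            * max(1, s.severity - c.cuts_severity))


def treat(s: Scenario, catalogue: List[Control], acceptable: int) -> Tuple[int, List[str], bool]:
    """Phase 4: greedily apply the applicable control that lowers risk most, until
    risk <= acceptable. Returns (residual, applied control names, reduced); reduced is
    False when controls ran out above the threshold, i.e. the residual still needs
    explicit acceptance or transfer by management."""
    while risk_value(s) > acceptable:
        candidates = [c for c in catalogue
                      if s.vulnerability in c.addresses and c.name not in s.applied]
        best = min(candidates, key=lambda c: value_after(s, c), default=None)
        if best is None or value_after(s, best) >= risk_value(s):
            return risk_value(s), list(s.applied), False  # nothing left that reduces risk
        s.likelihood = max(1, s.likelihood - best.cuts_likelihood)
        s.severity = max(1, s.severity - best.cuts_severity)
        s.applied.append(best.name)
    return risk_value(s), list(s.applied), True


# --- constructed sample data (asset inventory, threats, vulnerabilities, controls) ---
CUSTOMER_DB = Asset("customer database", 5)
WEBSITE = Asset("public web site", 2)


def sample_register() -> List[Scenario]:
    """Phase 3, steps 2-3: inventoried assets with identified threat/vulnerability pairs."""
    return [
        Scenario(CUSTOMER_DB, "unauthorised access", "shared admin password", 4, 5),
        Scenario(CUSTOMER_DB, "data loss", "no tested backups", 2, 5),
        Scenario(WEBSITE, "defacement", "unpatched CMS", 4, 3),
    ]


CATALOGUE = [
    Control("domain 7", "individual accounts with strong authentication", frozenset({"shared admin password"}), 2, 2),
    Control("domain 7", "periodic privileged-access review", frozenset({"shared admin password"}), 1, 0),
    Control("domain 6", "tested off-site backups", frozenset({"no tested backups"}), 0, 3),
    Control("domain 8", "patch management procedure", frozenset({"unpatched CMS"}), 2, 1),
]

ACCEPTABLE_RISK = 15  # management-approved threshold; constructed


def run(acceptable: int = ACCEPTABLE_RISK) -> Dict[str, Tuple[int, int, List[str], bool]]:
    """Assess, then treat, every scenario.
    Returns {vulnerability: (initial risk, residual risk, controls applied, reduced)}."""
    results = {}
    for initial, s in ranked_register(sample_register()):
        residual, controls, reduced = treat(s, CATALOGUE, acceptable)
        results[s.vulnerability] = (initial, residual, controls, reduced)
    return results


if __name__ == "__main__":
    for vuln, (before, after, controls, ok) in run().items():
        status = "within threshold" if ok else "RESIDUAL ABOVE THRESHOLD, needs sign-off"
        print(f"{vuln:24s} {before:4d} -> {after:3d}  {status}  {controls}")
```

Running the block shows the three outcomes a treatment plan has to distinguish: the shared-password scenario needs two controls to reach the threshold, the web-site scenario is handled by one, and the backup scenario stays above the threshold once the catalogue is exhausted, so its residual risk has to be formally accepted or transferred rather than silently carried into the audit.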
Available software tools and resources
A range of information security products and services are currently available on the market. Many are based
on physical safeguards (locks, gates, fences, extinguishers, guards, etc.) and technical controls (firewalls,
biometrics, encryption, etc.). When it comes to adopting administrative safeguards, however, often companies
forget how important these are.
But information security isn’t complete without the development and publication of security policies and
procedures, or employee awareness and training programs, to name only a few. Information security is really
an ongoing risk management process and therefore requires tools that meet these needs.
Beyond any doubt, ISO 17799 offers what companies need in order to better manage information security.
The best way to implement this standard is to ease the process using multi-user software that will collect
the information required and that contains the principal tools that will be needed along the way.
Start with a simple and efficient risk assessment tool that generates recommendations based on
the ISO 17799 code of practice for each of the informational contexts identified.
Add to that a complete methodology, compliance questionnaires, a security policy generator,
an integrated document manager, examples, templates and information guides regarding the
implementation and audit of ISO 17799 controls, and managers will quickly understand
that such a tool can save the company much time and money. This software exists: it is a Web
application called Callio Secura 17799, created by Callio Technologies. A demo
version of Callio Secura 17799 can be obtained at this address.