British Standard 7799 Part 1
From the British Standards Institute, this is high-level security advice widely used in the United Kingdom and elsewhere. Critics contend that it makes security seem like a checklist rather than a process.

British Standard 7799 Part 2
Also from the British Standards Institute, BS 7799 Part 2 covers the same ground as Part 1 but with fewer suggestions for implementation. The document says that organizations "shall" do things, not that they "should," which is why companies can be certified against it.

ISO 17799
Based on BS 7799, this standard was hurriedly passed in 2000 by the Geneva, Switzerland-based International Organization for Standardization (which goes by the acronym ISO, for obscure reasons) and is currently being revised. People love it and hate it for the exact same reason: it tells you what to do but not how to do it. Despite being called a standard, it functions more like a guideline, with wording that companies "should" do things, not that they "shall." Companies cannot be certified against ISO 17799.

ISO Guidelines for the Management of IT Security
Known as GMITS, this is a five-part technical report from ISO. It is currently being edited, in part to make sure it does not contradict ISO 17799.

NIST Special Publication 800-14
This document, Generally Accepted Principles and Practices for Securing Information Technology Systems, comes from the U.S. National Institute of Standards and Technology. Its guidelines are based on BS 7799 but are more detailed. Other related NIST Special Publications are 800-12, An Introduction to Computer Security: The NIST Handbook; and 800-26, Security Self-Assessment Guide for Information Technology Systems.

Generally Accepted Systems Security Principles
Known as GASSP, this standard being created by the Information Systems Security Association aims to be security's answer to the Generally Accepted Accounting Principles from the Financial Accounting Standards Board, which are widely used in the United States.
GASSP is being renamed the Generally Accepted Information Security Principles (GAISP).