Combination of Information Security Standards to Cover National Requirements

The need for Information Security in organizations, regardless of their type and size, is being addressed by emerging standards and recommended best practices. The various standards and practices, which have evolved in recent years and are still being developed and constantly revised, address the issue of Information Security from different angles. This paper attempts to provide an overview of Information Security Standards and Practices by briefly discussing some of the most popular ones. Through a comparative study of their similarities and differences, some insight can be obtained on how their combination may lead to an increased level of Information Security.




