Information Security Management Systems ISO Comparison
Confused about BS7799, ISO17799, ISO27001 or ISO27002? Actually, all of these standards refer to the same thing: the Information Security Management System. Here is the history and comparison of the security standard, from 1992 to the latest, ISO27002, in 2007.
1992: The Department of Trade and Industry (DTI), which is part of the UK Government, publishes a 'Code of Practice for Information Security Management'.
1995: This document is amended and re-published by the British Standards Institute (BSI) in 1995 as BS7799.
1996: Support and compliance tools begin to emerge, such as COBRA. David Lilburn Watson becomes the first qualified certified BS7799 c:cure Auditor.
1999: The first major revision of BS7799 is published. This includes many major enhancements. Accreditation and certification schemes are launched. LRQA and BSI are the first certification bodies.
2000: In December, BS7799 is again re-published, this time as a fast tracked ISO standard. It becomes ISO 17799 (or more formally, ISO/IEC 17799).
2001: The 'ISO 17799 Toolkit' is launched.
2002: A second part to the standard is published: BS7799-2. This is an Information Security Management Specification, rather than a code of practice. It begins the process of alignment with other management standards such as ISO 9000.
2005: A new version of ISO 17799 is published. This includes two new sections, and closer alignment with BS7799-2 processes.
2005: ISO 27001 is published, replacing BS7799-2, which is withdrawn. This is a specification for an ISMS (information security management system), which aligns with ISO 17799 and is compatible with ISO 9001 and ISO 14001.
July 2007: ISO 27002:2005 is published.












