The first part, containing the best practices for Information Security Management, was revised in 1998 and, after a lengthy discussion in the worldwide standards bodies, was eventually adopted by ISO in 2000 as ISO/IEC 17799, "Information Technology - Code of practice for information security management." ISO/IEC 17799 was then revised in June 2005 and finally incorporated in the ISO 27000 series of standards as ISO/IEC 27002 in July 2007.
The second part of BS 7799 was first published by BSI in 1999 as BS 7799 Part 2, titled "Information Security Management Systems - Specification with guidance for use." BS 7799-2 focused on how to implement an information security management system (ISMS), referring to the information security management structure and controls identified in BS 7799-2, which later became ISO/IEC 27001. The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) Deming quality assurance model, aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.
BS 7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO/IEC 27001.
- Cyber security standards
- ISO/IEC 27000-series
- ISO/IEC 27001:2005
- ISO/IEC 27001:2013
- ISO/IEC 27002 (formerly ISO/IEC 17799)