British coming to push standard on data security

British coming to push standard on data security

By William Jackson

GCN Staff

The British Standards Institution is working to drum up interest among systems and network administrators on this side of the Atlantic in its newly adopted standard for information security management.

'In the U.S., you have no equivalent document' to BS 7799, said Kay Ruddeforth, BSI product manager, at the recent SuperComm '99 trade show in Atlanta.

Ruddeforth said BS 7799, which received final approval in April, has been submitted to the International Standards Organization for adoption.

She said at least one U.S. company, Internet commerce vendor CyberSource Corp. of San Jose, Calif., has announced its intent to obtain BS 7799 certification from BSI, which has offices in Reston, Va. But, she said, she has not received any expression of interest from the U.S. government.

Reg Blake, BSI regulatory affairs manager, said the Defense Department has scrutinized BSI's project management standards, however.

The British standard is not mandated by the European Union's directive on data security, but if compliance with EU security standards becomes necessary for doing business in Europe, BS 7799 could become widespread in the United States.

Code and specs

BS 7799 has two parts: a code of practice for information security management and specifications for information security management systems.

Part 1 covers best practices for risk assessment and control related to topics ranging from mobile computing to site housekeeping. Part 2 deals with designing and implementing an information security system, documenting it and managing a security policy.

The standard can be applied at different security levels depending on an organization's identified threats and associated risks.

inside gcn

  • security compliance

    Security fundamentals: Policy compliance

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group