What is this standard about?
It’s about risk management in relation to information security. It covers all the necessary processes to manage information security risks.
Who is this standard for?
Every organization with information will benefit from using this standard, regardless of size or sector. In terms of role, it will be used by:
GRC managers
Security managers
Operational managers
Auditors
Anyone responsible for implementing the requirements of the General Data Protection Regulation in their organization
Why should you use this standard?
It plugs the gap left between the international standard on information security risk management that was last published in 2011 ( ISO/IEC 27005:2011 ) and the revised ISO/IEC 27001 which was published in 2013.
As such BS 7799-3:2017 provides essential support for the implementation of ISO/IEC 27001:2013 Information technology - Security techniques - Information security management systems – Requirements and all sectoral and application specific uses of that standard.
NOTE: BS 7799-3:2017 , or its successor(s), will be available until ISO/IEC completes ISO/IEC 27005:201 1 full revision. It will then be withdrawn.
BS 7799-3:2017 history
2017BS 7799-3:2017 Information security management systems - Guidelines for information security risk management
2006BS 7799-3:2006 Information security management systems - Guidelines for information security risk management