ISO/IEC 17799:2005 establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. The objectives outlined provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best practices of control objectives and controls in the following areas of information security management.
ANSI/INCITS/ISO/IEC 17799:2009 history
2009ANSI/INCITS/ISO/IEC 17799:2009 Information technology - Security techniques - Code of practice for information security management
2005ANSI/INCITS/ISO/IEC 17799:2005 Information technology - Security techniques - Code of practice for information security management