New ISO framework addresses IT system security risk, vulnerability

By Staff -- Manufacturing Business Technology, 10/1/2005 12:00:00 AM

In June, The International Organization for Standardization (ISO) and the International Engineering Consortium (IEC) released ISO/IEC 17799:2005, the latest update to their code of practice for information systems. This version includes more guidance for information security and incident management than did its predecessor, and addresses risk assessment, provisions for business partnerships, and guidance for integration with other ISO standards.

The standard, says ISO, "establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management."

Willibert Fabritius, a lead auditor with TUV Rheinland of North America, Newtown, Conn., which performs ISO system assessments, describes 17799:2005 as "a standard for determining your data-security level of confidence."

According to Michael Rasmussen, a VP with Cambridge, Mass.-based Forrester Research, "It's a very high-level view—an architectural standard that provides a structure for defining a security program," adding that companies "should use the standard for building an information security program because it provides a commonly accepted framework."

Fabritius suggests companies adopt both 17799:2005 and BS7799-2, an information security management system specification from the British Standards Institution.

An 17799:2005 certification reassures customers and partners that a company is taking good care of its data, and for the company's own management, that its systems are up to snuff. However, whether the improved standard is taken up by manufacturers in anything like the way they've tackled ISO 9000 certification remains to be seen.

Fabritius says manufacturers lag in becoming ISO 17799-certified or compliant. Furthermore, compliance is not cheap. Changing company practices to meet the standard could cost many thousands of dollars. But Fabritius says regulatory pressures and the competitive advantage of being able to reassure customers about security issues will draw manufacturers into the fold.

Talkback

We would love your feedback!

Post a comment

» View All Talkback Threads

Related Content

• Topics
• Author

ISO 50001 standard for energy management practices progresses

08/12/2009

How information systems augment manufacturing efficiencies

11/16/2009

SYSPRO quality management solution serves small and midsize market

06/08/2008

Life sciences sector uses PLM to shorten “innovation-to-registration” cycle

09/01/2007

Savi rolls a lucky seven in the global RFID marketplace, standardizing on air interface protocol

03/01/2007

Also by this author

• Cyber security for industrial assets

• Companies falling short on environmental impact reductions

• Invensys Operations Management selects PAS Integrity Software for project delivery

• Survey: Manufacturing likely to lag while economy improves

• Software: Making sure the price is right

>>MORE

Sponsored Links

• Resource Center
• Browse Categories
• Browse Companies

Featured Company

• Honeywell

  

  Honeywell Process Solutions is a division of Honeywell Automation and Control Solutions (ACS) and has been a pioneer in automation control for more than 30 years. Honeywell Process Solutions serves several industries, including refining, oil and... more

---

Most Recent Resources

• The Discovery for Manufacturing Suite
• FICO™ Xpress Optimization Suite Schedules Big Profits For Clients
• Strategic Pricing: Three Steps to Higher Profit Margins
• Driving Innovation Through Lean Product Development Practices
• Demand Planning Maturity Model Strategies for Demand-Driven...