Guidelines 268

NCC Members have free access to this Guideline on the Principia website.
In the early 1990s the UK's Department of Trade and Industry (DTI) began to raise awareness of information security. The facts really hit home with the publication of their first Information Security Breaches Survey (by The National Computing Centre in 1994).
The practical remedy for managing the risk to information assets was published in the DTI's code of practice which became a British Standard - BS 7799 Information Security Management - in 1995.
Seven years on, the threats have become more far-reaching than could ever have been foreseen. Information security has become a front-line vulnerability to all businesses that use information technology - not just those who have outsourced their area networks to the Internet. However, even amongst the apparent glamour of espionage and the horror of terrorism, the day-to-day threats remain close to home, and keeping the risks in perspective and the mitigations prioritised needs a calm, planned framework.
This Guideline covers:
- Benefits of the application of BS 7799
- A brief overview of the BS 7799 controls
- Requirements for an information security management system (ISMS)
- The certification process


