
Re: How efficient is mounting /usr ro?



On Sat, Oct 18, 2003 at 02:03:20AM -0400, Matt Zimmerman wrote:
> > Information Security - As defined by ISO-17799, information security is
> > characterized as the preservation of:
> > 
> >     * Confidentiality - ensuring that information is accessible only to
> >       those authorized to have access.
> >     * Integrity - safeguarding the accuracy and completeness of information
> >       and processing methods.
> >     * Availability - ensuring that authorized users have access to
> >       information and associated assets when required.
> 
> ISO, I'm afraid, does not document either English or Information Technology.

It's funny, because ISO-17799 is just copy & paste from BS-7799, which is a
British standard and does document Information Technology security.  Not
only the UK, but also the US is "strongly in favor" of this ISO standard,
as the NIST itself declares [1].

Moreover, it is the standard used to define security policies in companies all
over the world. So, I'm afraid, IMHO it does document IT security pretty
well.


> They are free to define terms however they like for the purposes of issuing
> standards documents, and they are under no obligation to write these
> definitions so as to correspond to any actual usage of these words.

Correct, but that precise definition of "security" is the one upheld by
many security practitioners (for god's sake, it's even part of most
security-related certifications and graduate/postgraduate courses!).

Regards

Javi

[1] http://csrc.nist.gov/publications/secpubs/otherpubs/reviso-faq.pdf
