BS7799 consists of 10 sections, each with its own objectives, which need some
deliberation and understanding. These sections can be summarized as follows:

- Policy on Security: The objective of this section is to provide management
direction and support for information security.

- Organization of Resources and Assets: The objectives of this section are to manage
information security within the organization; to manage organizational security where
information assets and processing facilities are accessed by third parties; and to
assign security responsibility where information processing is outsourced.

- Control and Classification of Assets: The objectives of this section are to prepare an
inventory of the organization's corporate assets, including information assets, and to
ensure an appropriate level of protection for each of them.

- Security relating to Personnel: The chief objectives of this section are to reduce the
risks of human error, fraud, theft, or misuse of organizational facilities; to ensure that
users of information are aware of threats to information and are properly equipped to
apply the security policies in the normal course of their work; and to minimize the
damage that might result from security breaches or malfunctions of controls.

- Environmental and Physical Security: The objectives are broadly the same as those for
personnel security, but applied to the environmental and physical security of the
organization's information assets.

- Operations and Communications Management: The objectives include ensuring secure
operation of information processing facilities; minimizing system failures and down
time; ensuring the reliability, integrity and availability of software, information
processing and communications networks; protecting business assets from damage; and
protecting information by preventing its loss.

- Control of Access: The objectives of this section are to control access to
information; to prevent unauthorized persons from accessing information; to protect
networks; to protect computer access; to detect unauthorized and suspicious activity;
and to enforce security for remote access.

- Development and Maintenance of Systems: This section aims at policies for minimizing
system down time and for regular maintenance, including data backup.

- Management of Business Continuity: The objectives of this section are to ensure
uninterrupted business activity and to protect business-critical processes from major
disasters or failures through the use of backup and redundancy.
- Compliance: This section aims at implementing standards and monitoring compliance,
all within the legal and statutory framework, and finally at minimizing interference
from the audit process.

Carl Reid also writes for Tech-Faq.