Writing ISO 17799 and BS7799: 2000 Security Policies

Duration 3 days

Price £1,195.00 plus VAT

London Call for Dates

Edinburgh Call for Dates

Course Description
A hands-on practical course written to help organisations build workable security policies that can be demonstrated to be compliant with the ISO 17799 and BS7799: 2000 standards. The course examines the role of security policies in the context of an Information Security Management System (ISMS). During the course delegates will use software and tools that allow them to develop policies quickly and produce relevant cross-referenced documentation. Included in the cost of the course is a fully licensed copy of ISO Security's ISO Policy Generator software, valued at 330.00, which includes licensed copies of Parts 1 & 2 of the BS7799: 2000 standard and full and complete documentation.

Who should attend? 
This course will significantly benefit security officers, auditors, security professionals, information security officers, information systems managers, consultants, site administrators, and anyone who wants to gain competence in writing and planning security policies.

Prerequisites: A good knowledge of basic security fundamentals.

Delivery Method: Instructor-led, classroom-delivery with structured, hands-on activities.

Performance-Based Objectives

Upon successful completion of this course, students will be able to:

  • Define what security policies are
  • Describe why policy is important
  • Identify key policies for an organization
  • Explain the difference between policies, standards, procedures and controls
  • Explain how social awareness can help corporate security programs
  • Get support from senior management
  • Write clear and concise security policies
  • Produce written BS 7799: 2000 compliant policies
  • Define the status of IT policies (in-process, complete, etc)
  • Document policy cross references
  • Record where compliance evidence is located
  • Perform document control of policies
  • Print your modified IT Security policies
  • View and print management reports
  • Get buy in for the user community

Course Contents

Overview of the development process

  • Approval and support from Board and management
  • The Information Security Management system
  • Creation of a management framework for information security
  • Assessment of security risks
  • Selection and Implementation of Controls
  • Critical factors for successful implementation of an ISMS
  • How information security operates within the organization
  • Scope and procedures of the ISMS.
  • Demonstrate how effective security policies can produce ROI
  • Explanation of specific security policies and requirements.
  • How staff will be educated about security needs.
  • Policy on business continuity planning.
  • Incident Response

Security policy content

  • What should a security policy contain?
  • Definition
  • Objectives
  • Scope
  • Define control objectives to be included in the security policy
  • Statement of management intent
  • Explanation of security policies, principles, standards and compliance requirements
  • Definition of responsibilities for IS management
  • Statement of Applicability
  • References to supporting documentation

Security Policy Structure

  • Rationale
  • Compliance with legal and contractual requirements.
  • Protection of company's assets.
  • Definition
  • The overall objectives of the policy
  • A management statement supporting the goals and principles of the policy.
  • Responsibilities defined within the policy.
  • How the policy will be monitored and enforced
  • Define policy effectiveness review and timeline
  • References to supporting documentation

Developing Security policies with ISO Security policy Generator

  • Review of both parts of BS-7799:2000 (ISO-17799) Standard.
  • Creating organisational policies from pre-written sample policy statements, and modifying them to fit your organisation's requirements.
  • Using the Policy administration software

Review of key policies

  • Acceptable Use Policy
  • Email Policy
  • Laptop & Mobile User Policy
  • Network Security Policy
  • Internet Security Policy
  • Intranet Security Policy
  • System Policy
  • Data Protection Act

Enforcing Organisational Security Policy

  • Enforce Corporate Security Policy Compliance
  • Enforce Legal Compliance
  • Enforce Physical Security Compliance

Security Awareness, and training

  • Creating a security conscious culture
  • Promulgating security policies
  • Changing behaviour
  • Monitoring and maintaining the program

The next step: Gaining BS7799 accreditation

  • Preparing for BS 7799 certification and Audit.
  • Identify the documents required for BS 7799 Certification and Audit.
  • The Certification and Audit Process.
  • IT Accelerator
  • Information resources