The British Standards Institute (BSI) published the first document on safety and good practice in security. This document was known as the Code of Practice and was published in 1993. The document was revised and became British Standard 7799 (BS 7799 for short). A new version of the standard (BS 7799-2) was released in 1998. The new version specifies an information security management system (ISMS) based on the objectives and controls of BS 7799-1. A year later, both standards were revised to ensure their consistency. The BS 7799 standard introduces the concept of lifecycle management for information security:
- PLAN – planning and establishment phase
- DO – use of system
- CHECK – system monitoring and audit
- ACT – improving the system

ISO 17799 and BS 7799 are widely accepted in Europe, Japan and most of Australia. ISO 17799 is tightly coupled with the BS 7799 standard, from which it was created. The ISO 17799 standard describes some new concepts in information security:
- Confidentiality – ensures that only authorized persons have access to information,
- Integrity – ensures the accuracy and completeness of information and of the ways it is processed,
- Availability – ensures that the information is available when needed.