The Positive and Negative Aspects of the ISO/IEC 17799 Standard

3 years ago Mike
board

We live in times when both customers and companies need to be completely certain that their information will be kept safe no matter what. All businesses obtain various types of safety measures to protect their clientele’s data, as well as any vital info associated with the business itself. Back in 2005, one of the most prominent frameworks was released, namely the ISO/IEC 17799 system. Undoubtedly, it is associated with a number of positives, however, experts have also spotted a few slight disadvantages that may potentially create trouble. For your ease, in the next paragraphs, we’ll highlight the major pros and cons of ISO/IEC 17799.

What Exactly Is ISO/IEC 17799

Before we focus on the main topic of this post, we would first like to provide a comprehensive definition of the ISO/IEC 17799 framework. In the simplest terms, this is an information security management standard. When this standard is implemented, that results in proper security controls and complete integrity. This particular framework consists of ten domains and 36 control objectives. Its aim is to deal with technical, legal, administrative, and operational security. Here is a list of the ten security domains of ISO/IEC 17799:

  • Security Policy
  • Organizational Security
  • Asset Classification and Control
  • Personnel Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Systems Development and Maintenance
  • Business Continuity Management
  • Compliance

It is quite obvious that this standard may be used by myriads of companies. Nonetheless, despite this framework being so compliant, organizations should also consider the fact that the ISO/IEC 17799 system may be a bit difficult to implement. Now that we have provided more information on the essence of this framework, it is time to list its more considerable benefits. However, as aforesaid, specialists have also run into a few disadvantages that will also be highlighted in the next paragraphs.

Major Benefits of Using the ISO/IEC 17799 Framework

One of the major perks of ISO/IEC 17799 is the fact that the model is quite general. In other words, it may be used by various types of organizations. Each one of them will be provided with the necessary security, which is something fundamental for all companies. Even though a minimal percentage of experts consider this more a con than a pro, the majority of professionals are categorical that this is one of the most important advantages of the standard.

In addition, the ISO/IEC 17799 framework is the only one that allows organizations to obtain a certificate from a third-party auditor. Such a certificate would serve as proof that the respective organization has adopted all essential safety measures and has successfully implemented the obtained security controls.

The third considerable benefit of this model is the fact that organizations that use it will be exposed to much lower risks of any type of security breaches. This would mean that they will manage to save tons of money that, in other scenarios, would be spent on recovering from such issues. After all, many factors may contribute to a complete loss of data, including natural disasters. Therefore, it is vital for a company to ensure that its information will be kept safe regardless of the circumstances.

It should not come as a surprise that this system is now a prominent one not only in Asia, but in a number of European countries, as well, including the Netherlands, the Czech Republic, Spain, Norway, and so on. In Australia, this framework has also become the ultimate standard.

And last but not least, considering that this model consists of ten domain levels, each one being equally essential, we may conclude that this framework’s strategy is brilliant. The reason being is that its purpose is for all areas to be explored, not only the technical ones, for example. That, of course, results in better, if not impeccable, overall security management.

Disadvantages Associated with the ISO/IEC 17799 Framework

As you have probably figured out, the cons regarding this security management system are less than its benefits. That is quite understandable, considering its domains. Nonetheless, experts still managed to spot a few disadvantages. Fortunately, they are not so significant, which means that the ISO/IEC 17799 framework is still considered one of the best ones out there.

The first handicap we would like to put our focus on is the fact that this standard may be arduous to implement. Every organization that wishes to make use of it should make sure that it has enough funds to be able to apply this security management model. The reason for this stands behind the fact that this particular framework has a considerable number of requirements.

And the second and last con we’ve uncovered is that analyzers have spotted problems related to the processing time in cases when unexpected issues emerge. Some also believe that there are many better Risk Management alternatives out there. Aside from these cons, however, after its release, the system was highly accepted.