
I'm doing research into ISO 17799:2005, more specifically its policies related to risk management and its involvement in risk management in the wider IT sector, but I can't find out the answer to:

Was ISO 17799:2005 the first standard to introduce risk management? If not, when and how does this iteration of risk management relate in comparison to the other standards?

The actual ISO document itself: https://www.sans.org/media/score/checklists/ISO-17799-2005.pdf

schroeder
Cpt Price
  • Hi, it would help people answering your question to know what you've found in your own research so far so that we can better frame our answers inside your existing knowledge. – Monica Apologists Get Out Jan 31 '19 at 15:27
  • @Adonalsium Sure, basically I've only found out that 17799 introduced (as far as I know) the underlying need for a risk assessment which you would then base the IT security controls upon. informationshield.com/papers/SecurityPolicyAndIso17799.pdf en.wikipedia.org/wiki/ISO/IEC_27002#Access_control – Cpt Price Jan 31 '19 at 16:08
  • When you ask "the first standard" - what kind of standards are included here? There exist a lot of standards or best practices. Risk analysis is way older than information technology and has always been there since electronic processing of data has existed. In the end risk analysis is just another form of fortune telling: https://en.wikipedia.org/wiki/A%C5%A1ipu – Tom K. Jan 31 '19 at 16:29
  • @TomK. I mean only in relation to IT standards, the first ISO standard to introduce risk management or if it wasn't; what was the first one? – Cpt Price Jan 31 '19 at 16:44
  • Did you mean ISO 17799 or ISO 17799:2005? Because there was a 17799:2000 that came out 5 years earlier ... – schroeder Jan 31 '19 at 17:03
  • Hold on, do you mean the first ***ISO*** standard? Or any standard? – schroeder Jan 31 '19 at 17:07
  • @schroeder I mean any ISO standard and I'm specifically researching 17799:2005, I'm aware of 2000, 2007 and 2018 versions of the standard. – Cpt Price Jan 31 '19 at 17:37
  • so .... does that mean that you are looking for any ISO standard that dealt with IT risk management before 2000? If so, that's a reeealy simple Google query: https://www.google.com/search?q=iso+it+risk+management&rlz=1C1GIGM_enCA521CA521&source=lnt&tbs=cdr%3A1%2Ccd_min%3A1%2F1%2F1995%2Ccd_max%3A12%2F12%2F2000&tbm= – schroeder Jan 31 '19 at 17:47

0 Answers