The purpose of this work is to define a coherent and comprehensive set of privacy-related guidelines for information security management. This set of privacy requirements is developed on top of a popular information security management standard, ISO17799.
The Code of Practice of this standard includes a large number of requirements for the management of information security. However, specific requirements for privacy-sensitive data processing are missing. A specific set of requirements can be helpful in various settings, especially when developing management procedures and privacy policies. The proposed requirements are developed according to the typical 17799 formatting and structural conventions. Moreover, an effort was made to respect the same general approach to content and the abstraction level suggested by the current standard.
This research project was presented at the 19th Annual Computer Security Applications Conference in Las Vegas, NV, Dec. 2003.
Draft privacy enhancements to IS17799, version 0.94. Sept. 28, 2002
Presentation of the enhancements to IFIP WG9.6/11.7 meeting in Prague, June 1, 2002
Article presented at 19th ACSAC, Dec. 13, 2003
Presentation at 19th ACSAC, Dec. 13, 2003
