It is ironic that the most important Information Security standard in the world today, ISO 27002, has also had the most convoluted and confused naming history. On numerous occasions when I have been speaking about ISO 27002, “A Code of Practice for Information Security,” someone will ask, “But what about ISO 17799,” or “We’re committed to implementing BS 7799–we’re not interested in any ISO standard.” Of course these are different names for the same standard. As a result, I now begin presentations about ISO 27002 with a brief history to avoid the confusion before it occurs. A client asked me to turn this introduction into a separate presentation, which I thought was a good idea. So, here is a brief history of ISO 27002 (including its predecessors ISO 17799, BS 7799 Part 1, and BS 7799) and the closely related ISO 27001 (including its predecessors BS 7799 Part 2).  —Jim Herbeck

PDF file (English)