
Security Vendors and ISO 17799 and ISO 27002

Posted by on 08/02/2013


So it’s interesting: yesterday, I was in a vendor presentation about Building Automation Systems (BAS) and cabling systems. One of their slides talked about how their products meet the ISO standards (ISO 17799). Since I’ve been studying for my CISSP, I was thinking that I should know that one, but it was a 17799 number and I thought the security standards were the ISO 27000 series. So, I figured it would be a great reminder and a refresher to look it up.

After looking it up, here are the facts to remember:

ISO 17799 = ISO 27002

ISO 17799 was renumbered in 2005 to ISO 27002 [1].

So that tells me that vendors just put numbers down to impress people; they really don’t know that it is an out-of-date standard and that the standard should have been superseded by ISO 27002.


[1] E. Conrad, 11th Hour CISSP Study Guide, Syngress, Burlington, MA, 2011, p. 14.

