The evaluation and certification of information security against BS 7799

Electronic commerce has become a reality, but unfortunately it is held back by the lack of information security associated with it. Business partners will have to prove to each other that they are adequately secured, before electronic commerce will really blossom. This can best be done through a scheme whereby information security can be evaluated and certified. To enable this, some international or generally accepted information security standard needs to act as a memorandum against which evaluation can be conducted. The British Standard, BS 7799, can fulfill this role as it is becoming very well known internationally. This paper proposes a scheme whereby information security, within an organization, can be evaluated against BS 7799 and certification can take place, if successful. This scheme will provide the mutual trust between business partners, as far as information security is concerned, that is required in electronic commerce.