I just recieved my copy of the newest version. A new version of the IEC/ISO 17799 security standard has been published before two days (June 15th). This is the second edition of the document. The first one was dated December 2000. Title has changed to: IEC-ISO 17799-2005 Information technology – Security techniques – Code of practice for information security management. There are now 11 domains instead of 10.

  • Security Policy
  • Organization of Information Security
  • Asset Management
  • Human Resources Security
  • Physical and Environmental Security
  • Communications and Operations Management
  • Access Control
  • Information System Acquisition, Development and Maintenance
  • Information Security Incident Management
  • Business Continuity Management
  • Compliance

Some of the titles of the domains have also changed, and new content added (around 45 pages). New chapters have been added at the beginning of the document, most notably a chapter on risk assessment and treatment.