The International Standards Organization has developed two standards for information security. The two standards, ISO 17799 and ISO 27001, together provide a set of best practices and a certification standard. The standards are both derived from a British standard, BS7799, which for many years served as the authority for security. By adhering to the standards, banks can go a long way toward satisfying regulatory compliance requirements and satisfying auditors and regulators, says Martin Smith, senior consultant at Insight Consulting. Measuring effectiveness is a critical element of improving information security management, he says.
Source: https://www.bankinfosecurity.com/iso-17799-27001-setting-standards-for-information-security-a-165

