ISO 17799 is a nontechnical document from the International Organization for Standardization. It’s the closest thing the information security world has to a golden rule-book of management. A few U.S. companies are using it to communicate to stakeholders that a company is working toward security best practices. In theory, standards are still the key to making information security mature, but in reality, they’re still the greatest thing that never happened to security management. In the future, a real, certifiable standard could and probably will be key to the credibility that board-level security needs.
Source: https://www.csoonline.com/article/2115804/iso-17799–nist-and-more–guiding-lites.html

