BS 7799-3 is due to be published in December 2005, the third part to carry the 7799 number. Its official title is "Information security management systems - Part 3: Guidelines for information security risk management". It provides guidance and support for implementing BS 7799-2 (ISO 27001) and is intended for use in small, medium and large organizations.
Technically, BS 7799-3 replaces the earlier publications PB003 and PD005, which covered similar ground.
Its contents are:
1. Scope
2. Normative references
3. Terms and definitions
4. Information security risks in the organizational context
5. Risk assessment
6. Risk treatment and management decision making
7. On-going risk management activities
Annexes A, B and C
These sections span approximately 48 pages.
BS 7799-3 has also been harmonized with both ISO 17799 and ISO 27001 to ensure consistency between the standards.
WHERE TO OBTAIN THE BS 7799-3 STANDARD
The standard can be obtained directly from BSI, here: