Re: 7799?

From: Alessandro (
Date: 11/04/03

  • Next message: Byron Sonne: "Re: Firewalls, Routers, and Bears ... oh, my"
    To: "jm" <>, <>
    Date: Tue, 4 Nov 2003 19:49:16 +0100

    On Tuesday 04 November 2003 00:23, jm wrote:
    > Hi
    > I have been asked to look at getting a small organisation up to 7799
    > accreditation standards in a short time span.
    > They have minimal systems; email, internet access, CRM Database, on 2
    > servers, and around 10 PCs, so the quantity of work should not be too
    > much.
    As already well said by David, the bulk of BS7799 accreditation process has
    to do with processes and organization regardless of the company size.

    Also David's point about buy-in from senior management can't be stressed
    enough. Preparing for accreditation and getting it may be expensive
    (especially for a small org) and may change the security posture
    (culturally-wise) of the organization significantly. A good starting point
    would be examining the motives of the company for getting the certification:
    the market demands them to? Image? Marketing? Compliance with
    law/regulations/contracts? Any combination of the above? Any other motive?

    I personally don't believe much in automated software for BS7799 compliance
    or any other standard compliance to that matter. But that's just me.

    My 0.02 Euros worth :-)

    Alessandro Bottonelli
    CISSP, BS7799
