Re: BS7799 and Risk Analysis

• Previous message: Shawn Jackson: "RE: Secure host newbie"
• In reply to: Andy Cuff: "Re: BS7799 and Risk Analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "Andy Cuff" <lists@securitywizardry.com>
Date: Wed, 31 Mar 2004 07:03:14 -0500

It also might be useful to take a course or two from the Business
Continuity syllabus to get a better handle on how risk analysis, business
impact analysis, and risk assessment relate to each other and to the
enterprise. DRII (drii.org) and BCI (thebci.org) are good sources for this
(depending on location).

Scott Miller

"Specialists without spirit, sensualists without heart, this nullity
imagines that it has attained a level of civilization never before
achieved" - J. W. von Goethe

                                                                                                                                       
                      "Andy Cuff"
                      <lists@securitywi To: "Net Solvers" <net_solvers@yahoo.com>, <firewalls@securityfocus.com>,
                      zardry.com> <security-basics@securityfocus.com>, <security-management@securityfocus.com>
                                               cc:
                      03/30/04 04:05 PM Fax to:
                      Please respond to Subject: Re: BS7799 and Risk Analysis
                      "Andy Cuff"
                                                                                                                                       

Hi
 I haven't seen any reply to this on the lists I regularly watch and whilst
I can't give you a definitive answer could point you to some training I
fell
across today. I was looking for a weeks training that would set me in good
stead for the future and was debating between CISSP and BS7799 and yes I
know they are a World apart.

I've pretty much settled for CISSP but thought the BS7799 Lead Auditor
training may be of interest to you, it's by 7safe
http://www.7safe.com/bs7799-lead-auditor.htm

Hope it helps
-andy

Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message -----
From: "Net Solvers" <net_solvers@yahoo.com>
To: <firewalls@securityfocus.com>; <security-basics@securityfocus.com>;
<security-management@securityfocus.com>
Sent: Tuesday, March 16, 2004 6:34 AM
Subject: BS7799 and Risk Analysis

> Hi friends,
> I would like to get some help on Risk analysis methodology adopted
for
while doing BS7799 ISMS implementation. What risk analysis methodology do
we
need to adopt. To what depth do we need to conduct the risk analysis. When
we do Risk Analysis for large organizations with more IT assets, spread
across cities, then what should be the approach. Since there are many IT
assets, time taken to conduct RA will be more. How do we reduce the
timeframe. Is manual RA appropriate or RA using commercial tools is
appropriate. How do you rate some commercial tools (like Cobra, Cramm,
Callio Secura etc). Please provide some good pointers.
>
> Thanks in Advance
> Security Novice
>
>
> Do you Yahoo!?
> Yahoo! Mail - More reliable, more storage, less spam

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less

to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------

• Previous message: Shawn Jackson: "RE: Secure host newbie"
• In reply to: Andy Cuff: "Re: BS7799 and Risk Analysis"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]