Re: ISO 17799
From: Alessandro Bottonelli (a.bottonelli_at_axis-net.it)
Date: 11/24/05
- Previous message: murad: "Re: secure disposal of backup tapes"
- Next in thread: aj rembert: "Re: ISO 17799"
- Reply: aj rembert: "Re: ISO 17799"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: security-basics@securityfocus.com Date: Thu, 24 Nov 2005 23:46:14 +0100
On Saturday 22 October 2005 09:45, siangmeng lim wrote:
>
> Can someone help me in guiding me how a ISO 17799 certification
> process is carry out ?
>
To be rigorous, there's no such thing as an ISO 17799 certification,
ISO 17799 being a "guideline" - you can certify vs. BS7799:2 which is
the document with the "shall" (whereas the ISO doc replaces "shall"s
with "should"s ...).
> How should any organization approach this
> task if they have an intention to have their IT systems,
>
BS7799 (or as of Oct 15 -- ISO 270001) does not certify "IT Systems"
but rather organizations. It may sound like philosophy or semantics
-- but it makes a difference!
> various
> depts in the organizations to have a certain level of control and
> management of information ? Is there a difference in approaches and
> deliverables if it is a private company vs a gov agency ?
>
Since I *do* this for a living... I may sound interested -- yet I
honestly think you should hire an experienced professional for such a
task. It may save time, effort, and money in the long run.
My 2 Eurocents...
-- Alessandro Bottonelli, CISSP & BS7799 Lead Auditor Axis-Net Tel. +39 02 93595859 Web. http://www.axis-net.it
- Previous message: murad: "Re: secure disposal of backup tapes"
- Next in thread: aj rembert: "Re: ISO 17799"
- Reply: aj rembert: "Re: ISO 17799"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
