Re: ISO IEC 27002 (ISO-17799) assistance please.
- From: "anirudh vidolkar" <anirudh.vidolkar@xxxxxxxxx>
- Date: Sun, 13 Jan 2008 08:26:59 -0800
Hi friends, I am Anirudha. If you have any problem, I have a solution for it.
I create websites at a very low cost of Rupees 200 only. If
anyone is interested in developing their own website, then contact me.
anirudha vidolkar
9270451638
http://anirudh.vidolkar.googlepages.com/
anirudh.vidolkar@xxxxxxxxx
On 12 Jan 2008 10:31:21 -0000, <chief@xxxxxxxxxx> wrote:
Hello Chris,
With reference to ISO 27001: 2005
Section A.11.3.2 - Users shall ensure that unattended equipment has appropriate protection.
Section A.11.5.5 - Inactive sessions shall shut down after a defined period of inactivity.
The fundamental of ISO 27001 controls is that they need to be applied based on risk assessment only. Only if your situation warrants and only if the control justifies the risk it is addressing, and the cost of the control justifies its benefits, shall the controls be applied.
I'm sure the Consultant your organisation has engaged has made his recommendations based on the risk assessment he would have performed on your Operating System Access Control. All controls should necessarily be based on RA.
You mentioning that you have proved your Consultant wrong or right seems to be out of place, as this is not warranted if you would have referred to the Risk Assessment done by you or your process owners. Maybe you have not done your risk assessment correctly, or else you would have had any scope for proving or disproving anyone.
Chief Consultant
Infodit Global