Security Basics mailing list archives

Re: 7799?


From: Alessandro <a.bottonelli () infinito it>
Date: Tue, 4 Nov 2003 19:49:16 +0100

On Tuesday 04 November 2003 00:23, jm wrote:
Hi

I have been asked to look at getting a small organisation up to 7799
accreditation standards in a short time span.

They have minimal systems: email, internet access, CRM database, on 2
servers, and around 10 PCs, so the quantity of work should not be too
much.

As already well said by David, the bulk of BS7799 accreditation process has 
to do with processes and organization regardless of the company size.

Also, David's point about buy-in from senior management can't be stressed 
enough. Preparing for accreditation and getting it may be expensive 
(especially for a small org) and may change the security posture 
(culturally) of the organization significantly. A good starting point 
would be examining the company's motives for getting the certification: 
does the market demand it? Image? Marketing? Compliance with 
laws/regulations/contracts? Any combination of the above? Any other motive?

I personally don't believe much in automated software for BS7799 compliance, 
or for compliance with any other standard for that matter. But that's just me.

My 0.02 Euros worth :-)

-- 
Alessandro Bottonelli
CISSP, BS7799
www.axis-net.it


