Security Basics mailing list archives
Re: 7799?
From: Alessandro <a.bottonelli () infinito it>
Date: Tue, 4 Nov 2003 19:49:16 +0100
On Tuesday 04 November 2003 00:23, jm wrote:
Hi, I have been asked to look at getting a small organisation up to 7799 accreditation standards in a short time span. They have minimal systems: email, internet access, CRM database, on 2 servers, and around 10 PCs, so the quantity of work should not be too much.
As already well said by David, the bulk of the BS7799 accreditation process has to do with processes and organization, regardless of the company size. Also, David's point about buy-in from senior management can't be stressed enough. Preparing for accreditation and getting it may be expensive (especially for a small org) and may change the security posture (culturally-wise) of the organization significantly.

A good starting point would be examining the motives of the company for getting the certification: does the market demand it? Image? Marketing? Compliance with law/regulations/contracts? Any combination of the above? Any other motive?

I personally don't believe much in automated software for BS7799 compliance, or any other standard compliance for that matter. But that's just me.

My 0.02 Euros worth :-)

--
Alessandro Bottonelli
CISSP, BS7799
www.axis-net.it