RE: ISO IEC 27002 (ISO-17799) assistance please.

["Abimbola, Abiola" <Abiola.Abimbola () bskyb com>]

Hi chris, 

I read standards it says in the control objectives section ( Annex A)
A.11.5.5 that inactive sessions shall shut down after a defined period
of inactivity. 

Hope this helps

Abiola Abimbola
Information Security Analyst
BSkyB (England)
1111-5409

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Chris Barber
Sent: 11 January 2008 02:36
To: security-basics () securityfocus com
Subject: ISO IEC 27002 (ISO-17799) assistance please.

I am hoping that the experts on this list might be able to assist me
with problem.  I have a consultant who is doing some audit work for
the company I work for.  This consultant has been quoting information
about best business practice and standards and has my managment in a
bit of a tizzy.  So far I have been able to prove or disprove most
things that he has been telling my managment, but I am stuck one and
it seems that this item has struck a nerve.

The consultant has claimed that both NIST and ISO-17799 recomend the
use of automated workstation locking after X minutes.  I have found
information on the NIST Standard but have not been able to find
anything on the ISO-17799 standard (or atleast not without buying it).
 Does anyone on the list happen to have a copy of ISO-17799, if so
could you help me prove or disprove this comment?

I have done several google searches and all of the links I get end up
asking me to purchase the Standard.  I think having it would be a good
thing, just that I do not have money in my budget to purchase it.

Many thanks in advance,

Chris.

-----------------------------------------
Information in this email including any attachments may be
privileged, confidential and is intended exclusively for the
addressee. The views expressed may not be official policy, but the
personal views of the originator. If you have received it in error,
please notify the sender by return e-mail and delete it from your
system. You should not reproduce, distribute, store, retransmit,
use or disclose its contents to anyone.

Please note we reserve the right to monitor all e-mail
communication through our internal and external networks.

SKY and the SKY marks are trade marks of British Sky Broadcasting
Group plc and are used under licence. British Sky Broadcasting
Limited (Registration No. 2906991), Sky Interactive Limited
(Registration No. 3554332), Sky-In-Home Service Limited
(Registration No. 2067075) and Sky Subscribers Services Limited
(Registration No. 2340150) are direct or indirect subsidiaries of
British Sky Broadcasting Group plc (Registration No. 2247735). All
of the companies mentioned in this paragraph are incorporated in
England and Wales and share the same registered office at Grant
Way, Isleworth, Middlesex TW7 5QD.