Security Basics mailing list archives

Re: ISO 17799 / BS 7799 certification


From: Alessandro <a.bottonelli () infinito it>
Date: Sat, 24 Jan 2004 17:40:38 +0100

On Thursday 22 January 2004 14:03, Gideon Rasmussen, CISSP, CFSO, CFSA, SCSA wrote:
> I do not know of an ISO 17799 certification. There is a Yahoo group
> dedicated to the ISO 17799 standard:

Actually, there isn't such a thing as an ISO 17799 certification. At the 
beginning of time there was a BS-7799 part 1 (Code of Practice) and a 
BS-7799 part 2 (Specifications). A certification was vs. BS-7799 part 2. 

Now "the kit" is made of an ISO 17799 part 1 (Code of Practice) and a BS 7799 
part 2 (Specifications). A certification is still vs. BS 7799 part 2 while 
there isn't any longer a BS 7799 part 1. There are no plans at this time to 
produce an ISO 17799 part 2 (but never say never...). The "Code of practice" 
provides guidelines ("should" is used in all sentences); the "Specifications" 
mandates requirements (the "should" becomes a "shall" in all clauses). 

I felt like dropping this quick note, as the general public is confused 
about whether there is any difference between the ISO and the BS part of this 
standard and how the two relate to each other.

Cheers from Italy

-- 
Alessandro Bottonelli, BS Lead Auditor & CISSP
www.axis-net.it
