Security Basics mailing list archives
Re: BS7799 and Risk Analysis
From: SMiller () unimin com
Date: Wed, 31 Mar 2004 07:03:14 -0500
It also might be useful to take a course or two from the Business Continuity syllabus to get a better handle on how risk analysis, business impact analysis, and risk assessment relate to each other and to the enterprise. DRII (drii.org) and BCI (thebci.org) are good sources for this (depending on location).

Scott Miller

"Specialists without spirit, sensualists without heart, this nullity imagines that it has attained a level of civilization never before achieved" - J. W. von Goethe

"Andy Cuff" <lists@securitywizardry.com>
03/30/04 04:05 PM
Please respond to "Andy Cuff"
To: "Net Solvers" <net_solvers () yahoo com>, <firewalls () securityfocus com>, <security-basics () securityfocus com>, <security-management () securityfocus com>
cc:
Fax to:
Subject: Re: BS7799 and Risk Analysis

Hi

I haven't seen any reply to this on the lists I regularly watch, and whilst I can't give you a definitive answer could point you to some training I fell across today. I was looking for a week's training that would set me in good stead for the future and was debating between CISSP and BS7799, and yes, I know they are a world apart. I've pretty much settled for CISSP but thought the BS7799 Lead Auditor training may be of interest to you; it's by 7safe: http://www.7safe.com/bs7799-lead-auditor.htm

Hope it helps

-andy
Talisker Security Tools Directory
http://www.securitywizardry.com

----- Original Message -----
From: "Net Solvers" <net_solvers () yahoo com>
To: <firewalls () securityfocus com>; <security-basics () securityfocus com>; <security-management () securityfocus com>
Sent: Tuesday, March 16, 2004 6:34 AM
Subject: BS7799 and Risk Analysis
Hi friends,

I would like to get some help on Risk analysis methodology adopted for while doing BS7799 ISMS implementation. What risk analysis methodology do we need to adopt? To what depth do we need to conduct the risk analysis? When we do Risk Analysis for large organizations with more IT assets, spread across cities, then what should be the approach? Since there are many IT assets, time taken to conduct RA will be more. How do we reduce the timeframe? Is manual RA appropriate, or is RA using commercial tools appropriate? How do you rate some commercial tools (like Cobra, Cramm, Callio Secura etc)? Please provide some good pointers.
Thanks in Advance
Security Novice