Re: ISO 27001 mapping to PCI

[PCSC Information Services <info () pcsage biz>]

p1g,

I believe that the value of mapping these standards to each other  
allows for the
qualification of the organization against multiple standards without  
requiring a
duplication of efforts. Where standards match other standard's  
requirements an
organization can count those steps as well. Measure twice, cut once.


Best,

Sean Swayze

On 24-Feb-08, at 10:58 PM, p1g wrote:

> What am I missing here? I probably sound real dumb, but why are we
> mapping standards to each other?
>
>
> On Wed, Feb 20, 2008 at 11:49 AM, Jason P. Rusch
> <saltynetguru () infosec-rusch com> wrote:
> > Does anyone have in their possession such as a excel file that  
> > directly
> > maps PCI requirements to ISO 27001.
> >
> > I have several that map sp800-53 to Cobit to ISO 27001/27002, but  
> > really
> > need a mapping PCI to ISO 27001.
> >
> >
> > --
> >
> >
> > ---
> > Sincerely
> >
> > Jason P. Rusch, CISSP, CISM, CISA
> > Certified Information Security Consultant
> > Wesley Chapel, FL 33543
> > saltynetguru () infosec-rusch com
> > www.infosec-rusch.com
> >
> > "There is no patch for stupidity"
> >
> > The information transmitted is intended only for the person or  
> > entity to
> > which it is addressed and may contain confidential and/or privileged
> > material. Any review, retransmission, dissemination or other use  
> > of, or
> > taking of any action in reliance upon, this information by persons or
> > entities other than the intended recipient is prohibited. If you
> > received this in error, please contact the sender and delete the
> > material from any computer.
>
>
>
> --
> -p1g
> SnortCP, C|HFI, TNCP, TECP, NACP, A+
>  ,,__
> o"     )~  oink oink
>   ' ' ' '
>
> If you spend more on coffee than on IT security, you will be hacked.
> What's more, you deserve to be hacked.
> -- former White House cybersecurity czar Richard Clarke