Re: ISO IEC 27002 (ISO-17799) assistance please.

[jenna <jennasec-focus () yahoo co uk>]

Hi

I believe it's under A.11.3.2.  A time period isn't specified but it is best practice.

Jono



----- Original Message ----
From: Chris Barber <cmbarber () gmail com>
To: security-basics () securityfocus com
Sent: Friday, 11 January, 2008 2:36:02 AM
Subject: ISO IEC 27002 (ISO-17799) assistance please.

I am hoping that the experts on this list might be able to assist me
with problem.  I have a consultant who is doing some audit work for
the company I work for.  This consultant has been quoting information
about best business practice and standards and has my managment in a
bit of a tizzy.  So far I have been able to prove or disprove most
things that he has been telling my managment, but I am stuck one and
it seems that this item has struck a nerve.

The consultant has claimed that both NIST and ISO-17799 recomend the
use of automated workstation locking after X minutes.  I have found
information on the NIST Standard but have not been able to find
anything on the ISO-17799 standard (or atleast not without buying it).
Does anyone on the list happen to have a copy of ISO-17799, if so
could you help me prove or disprove this comment?

I have done several google searches and all of the links I get end up
asking me to purchase the Standard.  I think having it would be a good
thing, just that I do not have money in my budget to purchase it.

Many thanks in advance,

Chris.


      __________________________________________________________
Sent from Yahoo! Mail - a smarter inbox http://uk.mail.yahoo.com