Security Basics mailing list archives

Re: ISO IEC 27002 (ISO-17799) assistance please.


From: "anirudh vidolkar" <anirudh.vidolkar () gmail com>
Date: Sun, 13 Jan 2008 08:26:59 -0800

Hi friends, I am Anirudha. If you have any problem, I have a solution for it.
I create websites at a very low cost of Rupees 200 only. If
anyone is interested in developing their own website, then contact me.

anirudha vidolkar
9270451638
http://anirudh.vidolkar.googlepages.com/
anirudh.vidolkar () gmail com



On 12 Jan 2008 10:31:21 -0000,  <chief () infodit in> wrote:
Hello Chris,

With reference to ISO 27001: 2005

Section A.11.3.2 - Users shall ensure that unattended equipment has appropriate protection.

Section A.11.5.5 - Inactive sessions shall shut down after a defined period of inactivity.



The fundamental of ISO 27001 controls is that they need to be applied based on risk assessment only. Only if your situation warrants and only if the control justifies the risk it is addressing, and the cost of the control justifies its benefits, shall the controls be applied.



I'm sure the Consultant your organisation has engaged has made his recommendations based on the risk assessment he would have performed on your Operating System Access Control. All controls should necessarily be based on RA.



Your mentioning that you have proved your Consultant wrong or right seems to be out of place, as this is not warranted if you would have referred to the Risk Assessment done by you or your process owners. Maybe you have not done your risk assessment correctly, or else you would have had any scope for proving or disproving anyone.


Chief Consultant

Infodit Global


