ISO 17799 27001 Control or Standard

Posted: May 25, 2007 in Policy and Compliance, Risk Assessment
Tags:

I recently came across an interesting article explaining the concept of ISO 17799/27001 being a control vs. a standard.   This is a good write up because it explains that the ISO documents are there as suggestions and guidance based on a risk assessment.   

Many times I talk to organizations that appear to be looking to implement the ISO controls, but there is an education gap.  In most cases these organizations are not looking to be compliant for an ISO audit but believe they are increasing the company’s security.  If you are not looking to be compliant then like all security solutions a risk assessment should be conducted to determine the controls implemented and their priority.  

Article:

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9018158&pageNumber=4

Advertisements
Comments
  1. Mike says:

    Very recently I also came across one website which provides a wonderful tool to comply with regulations like ISO 17799 and it also helps in complying with many other regulations also. A crosswalk matrix poster between different regulations of Symantec is a very useful tool for compliance team and risk management office. This poster is crosswalk between: HIPAA, ISO 17799, COBIT 4.0, Sarbanes Oxley, Payment Card Industry (PCI), GLBA, NERC standards CIP and PIPEDA (Canada) http://www.compliancehome.com/symantec/compliance.html

  2. jtbevis says:

    Mike,

    I’m not too comfortable with recommending a tool to ensure compliance. Let me state that I’m not familiar with the tool that you mentioned other then reading the whitepaper you linked. My experience shows that a tool can’t do the entire job. Do you know what percentage of compliance for ISO 17799 the tool actually provides; or for that fact the other compliance (SOX, etc) percentages? I think a statistic like that would be the most valuable and if there is data to back it up then everyone could benefit.

  3. ISO 9000 says:

    Hey, very nice site. I came across this on Google, and I am stoked that I did. I will definately be coming back here more often. Wish I could add to the conversation and bring a bit more to the table, but am just taking in as much info as I can at the moment.
    iso 9000

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s