Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Skype use obligation - Security x Productivity

from [Pretorius, Wynand (ZA - Johannesburg)] Network Security [Permanent Link]
Subject: RE: Skype use obligation - Security x Productivity
Date: Wed, 18 Jul 2007 09:01:25 +0200 
Good Morning

For the 7799 certification you need to show evidence that the business
decided on using a particular technology that falls within acceptable
levels of risk. Remember the business defines the risk levels. Risks
must be identified, mitigated, accepted or transferred with supporting
evidence.

You cannot fail a company because of their choice of technology. In fact
is not even about the technology but more the management of the risk. My
advise to you is that if the business chose skype, ensure that the
supporting processes, secure configuration standards and acceptable use
policy in place. This will show that the technology is managed and the
risks identified. Also consider a readiness audit before you go for
certification. 

Regards

Wynand Pretorius
CISSP CISA CISM ISO 27001 Lead Auditor
Manager 
Enterprise Risk Services
Deloitte & Touche 
Tel switchboard +27 (0)11 806 5000 
Email: wpretorius@deloitte.co.za

World Wide Web http://www.deloitte.com 

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Javier O. Augusto
Sent: 17 July 2007 03:34 AM
To: pen-test@securityfocus.com
Subject: Re: Skype use obligation - Security x Productivity

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


M.B.Jr. wrote:

[..] What to do? Risk their efforts in obtaining ISO certification?
 Guess we need to hear some other professionals.

Thank you, any comment will be extremmely useful.


Greetings,

You're better off sending this question to "bs7799@securityfocus.com"
Anyway, remeber that ISO 17799 guidelines says measurements are not
mandatory...

HTH.

Jay_of_Today
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGnByBdzPeqPICKQkRAq2bAJkB4Ew5A4vpofU6b08NhnM421Y3AgCgjusw
buPeMOm5jkURv7t+K8LGz9E=
=ZOuq
-----END PGP SIGNATURE-----


------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for Cenzic's robust,
accurate risk assessment and management solution FREE - limited Time
Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------

Important Notice: This email is subject to important restrictions, 
qualifications and disclaimers ("the Disclaimer") that must be accessed and 
read by visiting our website and viewing the webpage at the following address: 
http://www.deloitte.com/za/disclaimer.  The Disclaimer is deemed to form part 
of the content of this email in terms of Section 11 of the Electronic 
Communications and Transactions Act, 25 of 2002.  If you cannot access the 
Disclaimer, please obtain a copy thereof from us by sending an email to 
ClientServiceCentre@Deloitte.co.za.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Swap Out your SPI or Watchfire app sec solution for
Cenzic's robust, accurate risk assessment and management
solution FREE - limited Time Offer

http://www.cenzic.com/c/wf-spi
------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Skype use obligation - Security x Productivity, Roland Dobbins
Next by Date:  Re: Mile2 Training (Certifications), Jamie Riden
Previous by Thread:  Re: Skype use obligation - Security x Productivity, Javier O. Augusto
Next by Thread:  Re: Skype use obligation - Security x Productivity, M.B.Jr.
Indexes:  [Date] [Thread] [Top] [All Lists]