Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: ISO 17799

from [Alessandro Bottonelli] Network Security [Permanent Link]
Subject: Re: ISO 17799
Date: Thu, 24 Nov 2005 23:46:14 +0100 
On Saturday 22 October 2005 09:45, siangmeng lim wrote:


Can someone help me in guiding me how a ISO 17799 certification
process is carry out ?


To be rigorous, there's no such thing as an ISO 17799 certification, 
ISO 17799 being a "guideline" - you can certify vs. BS7799:2 which is 
the document with the "shall" (whereas the ISO doc replaces "shall"s 
with "should"s ...).


How should any organization approach this 
task if they have an intention to have their IT systems,


BS7799 (or as of Oct 15 -- ISO 270001) does not certify "IT Systems" 
but rather organizations. It may sound like philosophy or semantics 
-- but it makes a difference!


various 
depts in the organizations to have a certain level of control and
management of information ? Is there a difference in approaches and
deliverables if it is a private company vs a gov agency ?


Since I *do* this for a living... I may sound interested -- yet I 
honestly think you should hire an experienced professional for such a 
task. It may save time, effort, and money in the long run.

My 2 Eurocents...

-- 
Alessandro Bottonelli,
CISSP & BS7799 Lead Auditor
Axis-Net
Tel. +39 02 93595859
Web. http://www.axis-net.it
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Re: ISO 17799, Alessandro Bottonelli <=
Previous by Date:  Re: secure disposal of backup tapes, murad
Next by Date:  FW: Tunelling RDP traffic over HTTP proxies., Jeroen van Meeuwen
Previous by Thread:  Antivirus on intranet network, Steven Meyer
Next by Thread:  Re: ISO 17799, aj rembert
Indexes:  [Date] [Thread] [Top] [All Lists]