p1g,
I believe that the value of mapping these standards to each other
allows for the
qualification of the organization against multiple standards without
requiring a
duplication of efforts. Where standards match other standard's
requirements an
organization can count those steps as well. Measure twice, cut once.
Best,
Sean Swayze
On 24-Feb-08, at 10:58 PM, p1g wrote:
What am I missing here? I probably sound real dumb, but why are we
mapping standards to each other?
On Wed, Feb 20, 2008 at 11:49 AM, Jason P. Rusch
<saltynetguru@infosec-rusch.com> wrote:
Does anyone have in their possession such as a excel file that
directly
maps PCI requirements to ISO 27001.
I have several that map sp800-53 to Cobit to ISO 27001/27002, but
really
need a mapping PCI to ISO 27001.
--
---
Sincerely
Jason P. Rusch, CISSP, CISM, CISA
Certified Information Security Consultant
Wesley Chapel, FL 33543
saltynetguru@infosec-rusch.com
www.infosec-rusch.com
"There is no patch for stupidity"
The information transmitted is intended only for the person or
entity to
which it is addressed and may contain confidential and/or privileged
material. Any review, retransmission, dissemination or other use
of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited. If you
received this in error, please contact the sender and delete the
material from any computer.
--
-p1g
SnortCP, C|HFI, TNCP, TECP, NACP, A+
,,__
o" )~ oink oink
' ' ' '
If you spend more on coffee than on IT security, you will be hacked.
What's more, you deserve to be hacked.
-- former White House cybersecurity czar Richard Clarke
