
Network Security Security-Basics
Re: ISO 27001 mapping to PCI

Subject: Re: ISO 27001 mapping to PCI
Date: Mon, 25 Feb 2008 19:02:30 -0500
What am I missing here? I probably sound real dumb, but why are we mapping standards to each other?

I believe that the value of mapping these standards to each other allows for the qualification of the organization against multiple standards without requiring a duplication of efforts. Where standards match other standards' requirements, an organization can count those steps as well. Measure twice, cut once.

In particular, folks like to map against ISO 27001/27002 because it's fairly comprehensive. They use it as their common language to refer to all internal security controls, and do all their implementation and audit using that vocabulary. Then when they want to check compliance against another standard, they map it to ISO27001 and end up with a checklist they can pass around internally or query their configuration management database for.


Thanks,
Mike Lococo