
RE: diff btw BD 7799, ISF Security Standard, ITIL and others..

Subject: RE: diff btw BD 7799, ISF Security Standard, ITIL and others..
Date: Tue, 11 Jan 2005 08:40:59 +0100
Hi Nabil

I include a quote from Martin Dion, a colleague of ours who posted the
attached text in another forum:

[quote]
Good morning everybody,

I think the first questions you should ask yourself before going into
any direction from a standard perspective are: What is the business
need?  Then, do you need a baseline to conduct a gap analysis against?
Do you need a methodology that will support your objectives?  Are your
objectives defined?  How much information do you need to support your
initiative?  Are you readily well versed in security processes or do you
need support documentation?

CoBIT is an IT Governance model that includes security in the various
objectives of IT.  It is big but it is flexible and very, very well
documented.

ISO 17799 is nice but high level, it does not include a lot of
underlying material to support somebody who starts into security such as
CoBIT has with KPI, Control Objectives and so on...

NIST provides a suite of standards and guidelines to support specific
security initiatives such as Policies, BCP, Awareness, Virus, and
Firewall...

PAS56 focuses on business continuity only.

ITIL provides IT Service optimization type of material with little
security included; it mostly focuses on service reliability, availability
and problem management based on Service Level Agreement. [Unquote]


I hope this can help you further.

Kind regards,

Rafael de Dios
Group IT Security Analyst

-----Original Message-----
From: NabilM@kuveytturk.com.tr [mailto:NabilM@kuveytturk.com.tr] 
Sent: Tuesday, 11 January 2005 7:45
To: security-management@securityfocus.com
Subject: diff btw BD 7799, ISF Security Standard, ITIL and others..

Fellows,

Can someone point me to some article(s), or summarize for me the
difference between these IT Security Standards including BS 7799, ISF
Security Standard, ITIL and others. I read somewhere that BS 7799 is
less like a standard and more like security practices that enable one to
build and tailor a security standard for his/her particular
organization. On the other hand, ISF standard was prepared by taking BS
7799 into account. I plan to implement a standard this year for my org,
and I am in the process of comparing the available ones. Any help in
this would be greatly appreciated.

Thanks in advance,

-Nabil.

