
RE: diff btw BD 7799, ISF Security Standard, ITIL and others..

Subject: RE: diff btw BD 7799, ISF Security Standard, ITIL and others..
Date: Tue, 11 Jan 2005 06:58:09 -0500
Good morning,
 
To go by the book, BS7799 is actually a standard while ISF is more of a best 
practice partly inspired by BS7799.
 
BS7799-1 or ISO 17799 is an ISO document that is complemented by BS7799-2, which 
is the certification scheme.  It has been developed by the BSI (British Standard 
Institute) and is probably the most globally deployed/quoted information 
security standard.
 
There are multiple initiatives globally; the NIST, for example, has published a 
suite of documents that address the various elements of information security from 
an implementation perspective such as BCP, security awareness, incident 
response, security for VOIP...
 
The only issue you might end up having with BS7799 is that unless you are a 
seasoned security professional with a wide array of experience in each and 
every one of the 10 domains, it won't be really useful.  ISO summarizes in 100 pages 
what should be put in place and the reason why.  It doesn't explain how to 
do it from A to Z; remember, it's a standard/compliance scheme, so it is designed 
to tell auditors how to certify that someone is compliant. NIST on the other 
hand is more of a suite of recipe books that will support you in an ISO 
compliance initiative.
 
I hope this helps.
 
Have a great day!
 
Martin Dion, CISM
Chief Technology Officer
FIRST Representative, AboveSecCERT
 
Above Security
Phone: 450.430.8166 #103
Cell: 514.831.5427
Web: www.abovesecurity.com
 

________________________________

From: NabilM@kuveytturk.com.tr [mailto:NabilM@kuveytturk.com.tr]
Sent: Tue 11/01/2005 1:44 AM
To: security-management@securityfocus.com
Subject: diff btw BD 7799, ISF Security Standard, ITIL and others..



Fellows,

Can someone point me to some article(s), or summarize for me the
difference between these IT Security Standards including BD 7799, ISF
Security Standard, ITIL and others. I read somewhere that BS 7799 is
less like a standard and more like security practices that enable one to
build and tailor a security standard for his/her particular
organization. On the other hand, ISF standard was prepared by taking BS
7799 into account. I plan to implement a standard this year for my org,
and I am in the process of comparing the available ones. Any help in
this would be greatly appreciated.

Thanks in advance,

-Nabil.

