Nabil,
I would suggest detailing why you want a standard before proceeding -
while it's always a good idea to check with the auditors/lawyers first,
you should set some core objectives and then refer to the available
standards to determine which can help you get to a stable endpoint. No
standard can be wholesale transplanted into your specific organization
without modification. What are you looking to get out of implementing
standards? Cost savings/operational excellence/risk
management/QOS....what do your customers (read: users) want/need??
If your objectives are simply controls/compliance (eg. SOX), based, your
Auditors will likely endorse CoBIT/COSO. However, if you're looking to
standardize policy, process and procedure then ITIL and ISO/BS can
help. There are some decent 101-level articles/papers in the SANS
reading room which you might want to review. Either way, define your
objectives and then see which approach best suites those objectives.
Regards.....
Newcomb, Kelly wrote:
You might try talking with your auditor(s) and ask them which "standard"
they will be measuring you against. That might help with your direction.
Hope this helps...
--
Kelly Newcomb, CISSP
Information Security Officer
Texas Guaranteed - The Guarantor of Choice
Voice: 512-219-4697
Email: kelly.newcomb@tgslc.org
"Discipline is doing something you don't want to do when you don't want
to do it, in order to do something you want to do when you want to do
it."
-----Original Message-----
From: NabilM@kuveytturk.com.tr [mailto:NabilM@kuveytturk.com.tr]
Sent: Tuesday, January 11, 2005 12:45 AM
To: security-management@securityfocus.com
Subject: diff btw BD 7799, ISF Security Standard, ITIL and others..
Fellows,
Can some one point me too some article(s), or summarize me the
difference between these IT Security Standards including BD 7799, ISF
Security Standard, ITIL and others. I read some where that BS 7799 is
less like a standard and more like security practices that enable one to
build and tailor a security standard for his/her particular
organization. On the other hand, ISF standard was prepared by taking BS
7799 into account. I plan to implement a standard this year for my org,
and I am in the process of comparing the available ones. Any help in
this would be greatly appreciated.
Thanks in advance,
-Nabil.
DISCLAIMER:
Bu elektronik posta ve ekleri, sadece yukarida ismi yazili alicinin
dikkatine gonderilmistir. Mesajin muhatabi degilseniz, icerigini ve
varsa ekindeki dosyalari kimseye aktarmayiniz ya da kopyalamayiniz.
Boyle bir durumda gondereni uyarip, mesaji imha ediniz. KUVEYT TURK
E.F.K. A.S bu e-postanin ve eklerinin icerdigi bilgilerin size
degisiklige ugrayarak ulasmasindan veya gec ulasmasindan, butunlugunun
ve gizliliginin korunamamasindan veya icerigine guvenilerek yapilacak
islemlerden dolayi sorumlu tutulamaz.
This e-mail & its content have been sent to the attention of the
receiver named above. If you are not the intended recipient (or have
received this e-mail in error), Please notify the sender immediately and
destroy this e-mail. Any unauthorized copying, disclosure or
distribution of the material in this e-mail is strictly forbidden.
Kuwait Turkish Evkaf Finance House shall not be held liable for the
arrival of this e-mail & its content as modified or late, the protection
of integrity and secrecy and shall not be liable to any person who acts
or omits to do anything in reliance upon it.
