Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Management
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: diff btw BD 7799, ISF Security Standard, ITIL and others..

from [dave kleiman] Network Security [Permanent Link]
Subject: RE: diff btw BD 7799, ISF Security Standard, ITIL and others..
Date: Tue, 11 Jan 2005 12:35:03 -0500 
Let me just add to Martin's very detailed explanation, a place where you can
read all about BS7799 on your own.

http://www.riskserver.co.uk/bs7799/whatisit.htm
http://www.riskserver.co.uk/bs7799/

____________________________________________
Dave Kleiman, CISSP, ISSMP, CISM, CIFI, MCSE

www.SecurityBreachResponse.com


-----Original Message-----
From: Martin Dion [mailto:martin.dion@abovesecurity.com]
Sent: Tuesday, January 11, 2005 06:58
To: NabilM@kuveytturk.com.tr; security-management@securityfocus.com
Subject: RE: diff btw BD 7799, ISF Security Standard, ITIL and others..

Good morning,

To go by the book, BS7799 is actually a standard while ISF is more of a best
practice partly inspire by BS7799.

BS7799-1 or ISO 17799 is an ISO document that is complemented by BS779-2
which is the certification scheme.  It has been developed bythe BSI (British
Standard Institute) and is probably the most globally deployed/quoted
information security standard.

There is globally multiple initiative, the NIST for example has published a
suite of document that adress the various elements of information security
from an implementation perspective such has BCP, security awareness,
incident response, security for VOIP...

The only issue you might end up having with BS7799 is that unless you are a
seasoned security profesionnal with a wide array of experience and each and
every of the 10 domains, it won't be really usefull.  ISO resume in 100
pages what should be putten in place and the reason why.  It doesn't explain
how to do it from A to Z, remember, it's a standard/compliency scheme, so it
is design to tell auditor how to certified that someone is compliant. NIST
on the other hand is more of a suite of receipe book that will support you
into an ISO compliancy initiative.

I hope this help.

Have a great day!

Martin Dion, CISM
Chief Technology Officer
FIRST Representative, AboveSecCERT

Above Security
Phone: 450.430.8166 #103
Cell: 514.831.5427
Web: www.abovesecurity.com


________________________________

From: NabilM@kuveytturk.com.tr [mailto:NabilM@kuveytturk.com.tr]
Sent: Tue 11/01/2005 1:44 AM
To: security-management@securityfocus.com
Subject: diff btw BD 7799, ISF Security Standard, ITIL and others..



Fellows,

Can some one point me too some article(s), or summarize me the difference
between these IT Security Standards including BD 7799, ISF Security
Standard, ITIL and others. I read some where that BS 7799 is less like a
standard and more like security practices that enable one to build and
tailor a security standard for his/her particular organization. On the other
hand, ISF standard was prepared by taking BS
7799 into account. I plan to implement a standard this year for my org, and
I am in the process of comparing the available ones. Any help in this would
be greatly appreciated.

Thanks in advance,

-Nabil.


DISCLAIMER:
Bu elektronik posta ve ekleri, sadece yukarida ismi yazili alicinin
dikkatine gonderilmistir. Mesajin muhatabi degilseniz, icerigini ve varsa
ekindeki dosyalari kimseye aktarmayiniz ya da kopyalamayiniz. Boyle bir
durumda gondereni uyarip, mesaji imha ediniz. KUVEYT TURK E.F.K. A.S bu
e-postanin ve eklerinin icerdigi bilgilerin size degisiklige ugrayarak
ulasmasindan veya gec ulasmasindan, butunlugunun ve gizliliginin
korunamamasindan veya icerigine guvenilerek yapilacak islemlerden dolayi
sorumlu tutulamaz.
This e-mail & its content have been sent to the attention of the receiver
named above. If you are not the intended recipient (or have received this
e-mail in error), Please notify the sender immediately and destroy this
e-mail. Any unauthorized copying, disclosure or distribution of the material
in this e-mail is strictly forbidden. Kuwait Turkish Evkaf Finance House
shall not be held liable for the arrival of this e-mail & its content as
modified or late, the protection of integrity and secrecy and shall not be
liable to any person who acts or omits to do anything in reliance upon it.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: diff btw BD 7799, ISF Security Standard, ITIL and others.., alan_willcox
Next by Date:  RE: diff btw BD 7799, ISF Security Standard, ITIL and others.., Martin Dion
Previous by Thread:  RE: diff btw BD 7799, ISF Security Standard, ITIL and others.., Martin Dion
Next by Thread:  RE: diff btw BD 7799, ISF Security Standard, ITIL and others.., Newcomb, Kelly
Indexes:  [Date] [Thread] [Top] [All Lists]