What about the BS7799 Security Standard?

Discussion in 'polls' started by xss.ro, Jul 19, 2005.

Did you hear about the BS7799 Security Standard?

  1. Yes

    4 vote(s)
    40.0%
  2. No

    6 vote(s)
    60.0%
Thread Status:
Not open for further replies.
  1. xss.ro

    xss.ro Registered Member

    Joined:
    Jul 19, 2005
    Posts:
    1
    Did anyone here think to train personnel or implement security rules following the ISO 17799 (BS 7799) Standard? If so... how much do you think this counts in an organisation?
    Please send feedback!
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States

    IT------->
    o_O


    Sorry to say, but I have no idea what you are talking about.
     
  3. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  4. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
  5. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    I still don't understand it, (in layman's terms) what does it do and how does it affect us?
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,874
    Location:
    New England
    This is basically a best practices standard that outlines how to establish and maintain a security policy and organization within a business environment. Information Security in a business is a lot more than just running security applications, installing firewalls, and creating user accounts. To do it right, you need to build and maintain a formal structure to oversee security and its implementation within an organization. Standards have to be created and followed. Accountability assigned. Documentation is needed. Auditing must be done...

    It's all pretty dry stuff, and is not very interesting to home computing users. But, it is a necessary evil in a business environment, especially for publicly traded companies, or those subject to outside audit or oversight.

    The answer to xss.ro is really a whole bunch of questions. The value of implementing the standard depends entirely upon the organization's needs. Starting with questions about the type of organization; its size; its clients, customers and employees; the type of data it handles and the exposures it'd face given data loss or theft... After some basic questions, a risk analysis is probably a good place to start. As with most things in business, not everything that appears to be the right way to do something is appropriate in all situations. Different sized companies with different exposure levels require different levels of security.
     
  7. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    The standard is great for communication purposes. The real value is that it's a standard that most security professionals (security managers, security architects, auditors) know, so, you know what others mean.

    The standard is quite broad. Security measures are on a strategic (do you have a security policy) as well as on an operational level (do you have anti virus). It's an ISO standard, but one may well wonder why, since it's not very consistent in this manner.
    We use it to define our own security policy and our own security planning.

    I don't like the standard, but it can be used to create awareness at corporate management level and as such it can be used as a basis for your security budget claim.
    It's okay as a communication means, but implementing it will not make an organisation secure. It's okay to use as a checklist, though, an organisation can be certified for implementing the standard.
     