headlines

ISO17799 is the internationally accepted standard for Information Security management

a number of regulating agencies, including the Data Protection Commissioner, have declared ISO17799 a benchmark for prudent and competent practice

expert, independent assessment of the gap between current security management and an implementation of ISO17799 appropriate to the organisation

identifies:

  • improvements in security based upon industry best practice
  • achievement and shortfall in ISO17799 control areas relevant to the business
  • plan of activities for ISO17799 compliance
  • expert comment on formal ISO17799 certification


issues

ISO17799 is the internationally accepted standard for Information Security management. Organisations of all sizes have identified the value of compliance, either pursuing formal certification through accreditation agencies, or adopting the standard through implementing ISO17799 as their guiding framework for internal security management.

This has been reinforced by a number of regulating agencies declaring ISO17799 as their benchmark for prudent and competent practice, including the Data Protection Commissioner. There is also growing support within government contracting circles for ISO17799 to be a future mandated standard.

The pressure to comply with ISO17799 is clearly building, but the scope of the Standard is wide, and experienced, professional interpretation and guidance are essential for effective and economical application.

It can be difficult for an enterprise to make objective, well-informed decisions about how to cost-effectively adopt the Standard and whether to seek formal certification. A sensible first step is to commission an independent, expert review to assess how current practices match up to the Standard and compare with accepted industry practice.

approach

The gap analysis is essentially an audit focused on identifying appropriate implementation of ISO17799 and outlining the improvements required to achieve this.

The steps followed are:

  • review Information Security Policy and advise on and agree scope of the Information Security Management System
  • conduct a Risk Assessment Workshop
  • agree control objectives (Statement of Applicability)
  • review controls (interview, observation, inspection)
  • Information Security Management status report and findings workshop: agree the gap analysis
  • final report with recommendations for improvement and options for implementation of ISO17799

customer benefits

Provision of an expert, independent assessment of the gap between current security management and an implementation of ISO17799 appropriate to the customer's organisation.

  • recommendations on business areas, systems and processes requiring improvements in security based upon industry best practice
  • statement of achievement and shortfall in ISO17799 control areas relevant to the business
  • outline plan of activities for ISO17799 compliance
  • expert comment on the advisability of seeking formal ISO17799 certification


© 2001-2008, commissum