Home page logo

basics logo Security Basics mailing list archives

Re: 7799?
From: Alessandro <a.bottonelli () infinito it>
Date: Tue, 4 Nov 2003 19:49:16 +0100

On Tuesday 04 November 2003 00:23, jm wrote:

I have been asked to look at getting a small organisation up to 7799
accreditation standards in a short time span.

They have minimal systems; email, internet access, CRM Database, on 2
servers, and around 10 pc s, so the quantity of work should not be too

As already well said by David, the bulk of BS7799 accreditation process has 
to do with processes and organization regardless of the company size.

Also David's point about buying in from senior management can't be stressed 
enough. Preparing for accreditation and getting it may be expensive 
(especially for a small org) and may change the security posture 
(culturally-wise) of the organization significantly. A good starting point 
would be examining the motives of the company for getting the certification: 
the market demands them to? Image? Marketing? Compliance with 
law/regulations/contracts? Any combination of the above? Any other motive?

I personally don't believe much in automated software for BS7799 compliance 
or any other standard compliance to that matter. But that's just me.

My 0.02 Euros worth :-)

Alessandro Bottonelli

The Presidio integrates PGP data encryption and XML Web Services security to 
simplify the management and deployment of PGP and reduce overall PGP costs 
by up to 80%.
FREE WHITEPAPER & 30 Day Trial - 

  By Date           By Thread  

Current thread:
  • 7799? jm (Nov 04)
    • Re: 7799? Alessandro (Nov 04)
    • Re: 7799? Alessandro (Nov 05)
    • <Possible follow-ups>
    • RE: 7799? David Brown (Nov 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]