Home page logo
/

basics logo Security Basics mailing list archives

Re: BS7799 and Risk Analysis
From: SMiller () unimin com
Date: Wed, 31 Mar 2004 07:03:14 -0500


It also might be useful to take a course or two from the Business
Continuity syllabus to get a better handle on how risk analysis, business
impact analysis, and risk assessment relate to each other and to the
enterprise.  DRII (drii.org) and BCI (thebci.org) are good sources for this
(depending on location).

Scott Miller

"Specialists without spirit, sensualists without heart, this nullity
imagines that it has attained a level of civilization never before
achieved" - J. W. von Goethe


                                                                                                                        
               
                      "Andy Cuff"                                                                                       
               
                      <lists () securitywi        To:       "Net Solvers" <net_solvers () yahoo com>, <firewalls () 
securityfocus com>,         
                      zardry.com>               <security-basics () securityfocus com>, <security-management () 
securityfocus com>           
                                               cc:                                                                      
               
                      03/30/04 04:05 PM        Fax to:                                                                  
               
                      Please respond to        Subject:  Re: BS7799 and Risk Analysis                                   
               
                      "Andy Cuff"                                                                                       
               
                                                                                                                        
               




Hi
 I haven't seen any reply to this on the lists I regularly watch and whilst
I can't give you a definitive answer could point you to some training I
fell
across today.  I was looking for a weeks training that would set me in good
stead for the future and was debating between CISSP and BS7799 and yes I
know they are a World apart.

I've pretty much settled for CISSP but thought the BS7799 Lead Auditor
training may be of interest to you, it's by 7safe
http://www.7safe.com/bs7799-lead-auditor.htm

Hope it helps
-andy

Talisker Security Tools Directory
http://www.securitywizardry.com
----- Original Message -----
From: "Net Solvers" <net_solvers () yahoo com>
To: <firewalls () securityfocus com>; <security-basics () securityfocus com>;
<security-management () securityfocus com>
Sent: Tuesday, March 16, 2004 6:34 AM
Subject: BS7799 and Risk Analysis


Hi friends,
    I would like to get some help on Risk analysis methodology adopted
for
while doing BS7799 ISMS implementation. What risk analysis methodology do
we
need to adopt. To what depth do we need to conduct the risk analysis.  When
we do Risk Analysis for large organizations with more IT assets, spread
across cities, then what should be the approach. Since there are many IT
assets, time taken to conduct RA will be more. How do we reduce the
timeframe. Is manual RA appropriate or RA using commercial tools is
appropriate. How do you rate some commercial tools (like Cobra, Cramm,
Callio Secura etc). Please provide some good pointers.

Thanks in Advance
Security Novice


Do you Yahoo!?
Yahoo! Mail - More reliable, more storage, less spam


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less

to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------







---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]