Hello all,
I'm seeking comments from security professionals and organizations that have either considered, adopted or gained certification under BS 7799/ISO 17799.

Specifically, I'd like to hear about people's experience going through the adoption/certification process, why they chose to use 7799 as a framework or a standard, and whether it was worth it.

I'd like to hear from people who've looked at 7799 and decided against using it. Things I'd like to hear are why it's not worth adopting, problems in its standards (too broad, too specific, etc.) and so forth.

Additionally, I'd like to hear from those people who've found alternatives to 7799. What are they and why are they better than 7799?

Finally, I'd be interested in people's thoughts about the creation of a "one-size-fits-all" standard for Information Security. Is such a thing possible? Will 7799 eventually evolve into such a standard? Or will there be another standard that attempts to encompass everything about IT security?

I appreciate any assistance the members of this list can lend.
Thanks,
Larry Walsh
Managing Editor
Information Security Magazine
www.infosecuritymag.com