Larry,
When I began work on the OSSTMM (Open Source Security Testing Methodology
Manual (www.osstmm.org) I used the ISO 17799 in the framework because I
wanted to be sure that for one, we did complete the most thorough security
test possible and for two, because I wanted to make sure we were compl
I just completed a major assessment for a globally-based client in which
I compared their security practices (policy, standards, guidelines, and
SOPs) against those recommended by 7799.
From that experience, I would assert that the ISO is an excellent
*starting* point for an organization, de