Friday, February 24, 2012

BS7799 - all vote in Favour.

G/day forum,
Can anyone give me an insight into the effectiveness of using BS7799 as a
basis for a corporate security policy? I work in an E-Commerce environment
and now it transpires that a strictly enforced corporate security policy has
to be put in place.
Regards,
Steve.

> Can anyone give me an insight into the effectiveness of using BS7799
> as a basis for a corporate security policy? I work in an E-Commerce
> environment and now it transpires that a strictly enforced corporate
> security policy has to be put in place.
Plus:
It saves you the trouble of writing all that text yourself and it's a
reasonable "middle of the road" baseline. And you won't have to explain to
anyone where you got that baseline from.
Minus: It might be a lot heavier than you really need. So you must do a risk
analysis first and then decide which measures you want to enforce (must
have) and which are "nice to have".
Then the problem is that the global guidelines of BS7799 still must be
translated to the workfloor. For example BS7799 won't tell you how to harden
your IIS webserver.

Thanks Peter.
Take it that I've got very sensitive data stored in my network and I want to
harden down each system to a very secure standard.
Would this be a correct baseline? Is there any useful URL you could point me
towards (besides the Google search)? Do I have to purchase it?
Regards,
Steve.
"Petr Kazil" <pklist01_removethisnojunkmail_@.xs4all.nl> wrote in message
news:40506abc$0$570$e4fe514c@.news.xs4all.nl...
> Plus:
> It saves you the trouble of writing all that text yourself and it's a
> reasonable "middle of the road" baseline. And you won't have to explain to
> anyone where you got that baseline from.
> Minus: It might be a lot heavier than you really need. So you must do a
> risk analysis first and then decide which measures you want to enforce
> (must have) and which are "nice to have".
> Then the problem is that the global guidelines of BS7799 still must be
> translated to the workfloor. For example BS7799 won't tell you how to
> harden your IIS webserver.
>
