The real thing with ISO 27001 is ....
Forget BS 7799-2:2002, it was useful only to apply ISO17799:2000.
And now, with the release of ISO/IEC 17799:2005, ISO 27001 is the reference to apply the standard (controls) by implementing an ISMS.
Remember, ISO27001 has the requirements to implement an ISMS (clauses 4 to 8 are mandatory), and it has the Annex A, which lists all the controls of ISO17799.
And, Samir, one correction here.... there are 133 controls, not 132....
Cesar H. Tarazona T.
S Pawaskar <samirp eim.ae>
Sent by: listbounce securityfocus.com
20/12/2006 11:22 a.m.
To: Vikrant <vikrant albahja.com>, bs7799 securityfocus.com
Subject: Re: BS7799 to ISO 27001
ISO 27001 is the same as BS 7799, in the sense that the original British Standard BS 7799 was imported by ISO and released with a few modifications.
ISO 27001 has 132 controls as opposed to 127 in BS 7799.
There have been a few rewordings in the standard itself and a few changes, majorly like:
1. You have to define your Risk Methodology
2. BCP is very critical
3. And Most Imp... You need to measure effectiveness of ISMS
Regards
Samir Pawaskar
----- Original Message -----
From: "Vikrant" <vikrant albahja.com>
To: <bs7799 securityfocus.com>
Sent: Wednesday, December 20, 2006 12:28 PM
Subject: BS7799 to ISO 27001
> Hi group,
>
> How different is BS7799 to ISO 27001 ?
>
> regards
>
>