Critical Comparison of ISF Standards of Good Practice and the ISO 17799

PROBLEM STATEMENT

This document critically compares the ISF Standard of Good Practice and ISO 17799. It covers, amongst other issues, areas of correspondence, areas of difference, usability and readability.

INTRODUCTION

With constant reports in the media of hacked sites, denial-of-service attacks, computer espionage and newly discovered vulnerabilities in applications and hardware, it is impossible for the management of any organization to ignore the likelihood of a security incident occurring. Over the last few years, concern to protect the organization's assets and minimize liability has grown substantially; more recently it has become management's personal responsibility to implement effective information security controls.

Most organizations will typically have some security controls in place, often a mix of technology (e.g. firewalls and anti-virus software) and documented policies (e.g. a Password Policy or an Email and Internet Usage Policy). The real challenge is developing these into an integrated Information Security Management System that supports the organization's key business processes and strategic objectives, protects the company's electronic assets, and mitigates the risks that would otherwise leave the company exposed.

Why use a standard, one may ask? Few organizations nowadays have no links from their internal systems to the Internet, and few cannot identify outsiders, such as competitors or criminals, who may wish to exploit the information on their systems to their own advantage. Without a standard approach to an area as diverse and as vital as information security, it is unlikely that the organization will consider all aspects of security, and it will remain at risk from a security incident that may seriously damage its business. That is where the use of standards is crucial: they provide guidelines on



Bibliography:

1. von Solms, B., von Solms, R. (2007) Information Security Governance.
2. ISF (2005) The Standard of Good Practice for Information Security [On-line]. Available: http://www.isfsecuritystandard.com/index_ie.htm [Accessed 20/09/07].
3. von Solms, B., von Solms, R. (2001) Incremental information security certification. Computers and Security, 20(4), pp. 308-310.
4. International Organization for Standardization and International Electrotechnical Commission (2005) ISO/IEC 17799:2005 Information technology - Code of practice for information security management.
5. Andersen, P.W. (2001) Information Security Governance. Information Security Technical Report, vol. 6, no. 3.
