From: Jane E. Sapp (email@example.com)
Date: Wed Aug 08 2001 - 07:44:11 CDT
However, you'll want to add an "r" to fistgov--
www.fistgov.gov should be www.firstgov.gov
Jane E. Sapp
phone: (703) 607-6707 (DSN 327)
From: Power Steve [mailto:firstname.lastname@example.org]
Sent: Wednesday, August 08, 2001 5:02 AM
Subject: FW: Back by popular demand : Summary of US standards question
I did try and send this immediately, but it didn't appear...spooky.
From: Power Steve
Sent: Tuesday, August 07, 2001 4:26 PM
Subject: Back by popular demand : Summary of US standards question
Names have been omitted to protect the innocent....
US companies do acknowledge international standards such as ISO 9000, ISO
US companies can be regulated by state or federal rules, e.g. HIPAA for
healthcare, or SEC, OCC and FDIC for banks. Useful sites include
www.audit.net, www.infosyssec.com, and www.fistgov.gov
BS7799 is widely recognized as a best practice. The closest you may find to
it in the US however, is SAS70.
Best Practices is fairly standard, but is an evolving practice due to
The item you must be familiar with is the Gramm Leach Bliley Act and how it
affects the Bank's US
more US companies are using the BS7799, now ISO 17799, as a guideline. There
really isn't an equivalent ANSI standard that covers all the areas that
Companies in the US use ISO9000/2000 standards. Not many use the ISO 17799.
The US Department of Commerce, National Institute of Standards and
Technology (NIST) has published a Self Assessment Guide for Information
Technology which can be found at http://csrc.nist.gov/. It was released in
March 01.
Many thanks to all that replied.
Anyone else wanna try and stimulate discussion ? ;)