From: Biju Mukund (bmukund@mielesecurity.com)
Date: Wed Aug 08 2001 - 23:31:16 CDT


    Wow Steve,
    I was delighted to read your mail.
    You gave us a summary of so much of the research I had been up to for such a long time.
    I am a BS 7799 Certified Auditor and was trying to give my banking clients
    and manufacturing clients various inputs on what would help them best in Indian
    conditions.

    Let me quickly state that although ISO 17799 is something one can follow, one
    cannot get certified to it. The reason is that ISO 17799 is a guideline
    to best practices and corresponds to BS 7799 Part 1.
    One can get certified to BS 7799 Part 2.

    Best Regards,

    Biju Mukund
    Manager-Business Development
    MIEL e-Security Pvt. Ltd.
    E 417/418 Floral Deck Plaza
    MIDC Road,
    Andheri East
    Mumbai 400 093
    Tel: (022)821 50 50 / 821 5391/ 821 5438
    Fax: (022) 821 5838
    bmukund@mielesecurity.com
    www.mielesecurity.com

    -----Original Message-----
    From: Power Steve [mailto:steve.power@barclaycard.co.uk]
    Sent: Wednesday, August 08, 2001 2:32 PM
    To: 'cisspstudy@securityfocus.com'
    Subject: FW: Back by popular demand : Summary of US standards question

    Hi all

    I did try and send this immediately, but it didn't appear...spooky.

    Steve

    -----Original Message-----
    From: Power Steve
    Sent: Tuesday, August 07, 2001 4:26 PM
    To: 'cisspstudy@securityfocus.com'
    Subject: Back by popular demand : Summary of US standards question

    Names have been omitted to protect the innocent....

    US companies do acknowledge international standards such as ISO 9000, ISO
    17799.

    US companies can be regulated by state or federal rules, e.g. HIPAA for
    healthcare, or SEC, OCC and FDIC for banks. Useful sites include
    www.audit.net, www.infosyssec.com, and www.fistgov.gov

    BS7799 is widely recognized as a best practice. The closest you may find to
    it in the US however, is SAS70.

    Best Practices is fairly standard, but is an evolving practice due to
    Legislature.

    The item you must be familiar with is the Gramm Leach Bliley Act and how it
    affects the Bank's US practices.

    Many banks don't use ISO standards but use SAS:
    http://www.sas70.com/index2.htm

    More US companies are using BS7799, now ISO 17799, as a guideline. There
    really isn't an equivalent ANSI standard that covers all the areas that
    x7799 does.

    Companies in the US use ISO9000/2000 standards. Not many use ISO 17799.
    The US Department of Commerce, National Institute of Standards and
    Technology (NIST) has published a Self Assessment Guide for Information
    Technology which can be found at http://csrc.nist.gov/
    It was released in March 01.

    Many thanks to all that replied.

    Anyone else wanna try and stimulate discussion ? ;)

    Steve
