Date: Wed Sep 26 2001 - 08:26:03 CDT
There is no 1 - 1 relation between BS7799 and CBK. CBK covers much more than
BS7799, e.g. technical security issues, like protocols, strong
authentication methods, PKI (although there is a little bit about key
management) etc are not covered by BS7799 at all. BS7799 is information
security management oriented and does not deal with technical issues.
This site markets a tool to measure your company's BS 7799
They claim that their product will "Establish your compliance level
for each of the ten categories covered". I'm wondering if the 10
Categories of BS 7799 correspond to the ten fields in the CBK?
If not, how are they related? Does BS 7799 cover as many aspects
of security as the CBK?
Most importantly, I'm looking for the BS 7799 equivalent
of the excellent Orange Book coverage in Russell & Gangemi's
Computer Security Basics (http://www.oreilly.com/catalog/csb/)
Does anyone know where I can find a similarly detailed
analysis of BS 7799?
-- "When you understand UNIX, you will understand the world. When you understand NT....you will understand NT" - Richard Thieme http://www.slothnet.com - is currently unavailable :(