Security Risk Analysis & Assessment, and ISO 27000 Compliance
THE SRM TOOLKIT
This is widely considered to be the ultimate toolset for security risk professionals.
It can now be viewed on its own dedicated website: www.risk.biz
The Leading Security Risk Analysis and ISO 27000 Compliance Tool
ISO 17799 / BS7799 Compliance Checking Made Easy
BS7799 was first published in February 1995 as a comprehensive set of controls comprising best practices in information security. Since then it has grown steadily in influence and importance.
The standard is intended to serve as a single reference point for identifying a range of controls needed for most situations where information systems are used in industry and commerce, and to be used by large, medium and small organizations. It was significantly revised and improved in May 1999. In December 2000 it was published by ISO as ISO 17799.
With certification schemes firmly in place, ISO 17799 may ultimately become a benchmark against which all organizations will be measured. There have even been suggestions in some quarters of mandatory inclusion of an organization's ISO 17799 status within its annual returns/report.
ISO 17799 covers the whole gamut of information security issues. It consists of ten discrete core sections, each focusing upon a specific aspect (ranging from Systems Development to Business Continuity). Within these, the detailed standards and controls are documented and explained.
Establishing your current position with respect to the standard is of course the first step to conformance. This can actually be much harder than may appear, and can be an intensive and costly exercise.
How do you measure your own ISO 17799 compliance level? Thereafter, how should you plan and implement changes to improve this situation? In short, how do you shape up against it and what can you do to comply?
COBRA ISO17799 Consultant is an integral part of the COBRA suite. It is a knowledge-based PC product designed to guide you through this exercise. It will carefully measure your compliance and situation, making specific recommendations where appropriate.
Through a series of questions with multiple choice responses, COBRA ISO17799 Consultant will take you through the whole of the standard. It will:
ISO17799 Consultant is extremely easy to use and requires no prior training. It is also flexible, focusing upon your individual needs and organizational culture. Unlike some other approaches, it is not just 'an electronic tick list'. In short, it delivers added value - containing real knowledge and expertise. It acts as a true consultant, but with unquestionable objectivity.
If you wish to gauge your position against the code, or simply wish to improve your security and compliance level, COBRA ISO17799 Consultant is the essential aid.
Through the optional Module Manager component/system, the facility is provided to tailor the system to unique individual requirements or company culture. The questions, reports, and underlying profiles and recommendations can all be readily changed using this system. Again, simplicity of use and flexibility are the key. The whole of the ISO 17799 knowledge base can be altered and adapted with ease.