Information Security Governance Papers

Paper Title: The Analysts’ Views On ISO 17799 And 27001

The Abstract of The Paper: By and large, the technology industry analysts have endorsed the use of ISO 17799 and ISO 27001. Forrester has stated that ISO 17799 is “the best choice for a security framework.”
Forrester continued, “firms should use the standard for building an information security program because it provides a commonly accepted framework for security. Using it will provide a consistent benchmark for an organization and its entities/business partners to communicate and establish information security controls and requirements.”

Gartner forecasts “ISO 17799 will be the most common standard used to judge the information security posture of an organization.” They are also now recommending that organizations planning to outsource IT operations to firms in India “require that all providers and data center locations be BS7799 Part 2 or ISO 27001 certified.”

Fred Cohen, principal analyst for Security and Risk Management Strategies at Burton Group, stated in an IT Week article that companies should aim for compliance with the standard and added that “anyone with more than a few hundred staff would be foolish not to comply.”
Web Link: http://www.wolcottgroup.com/documents/WG_ISO27001PoV_0607C2.pdf
