Information Security Governance Papers
Paper Title | The Caveats Of Using ISO 17799 And 27001 |
---|---|
The Abstract of The Paper | ISO 17799 and 27001 are not silver bullets. There are no magical beans to sprout an ISO-certified information security management system overnight. These initiatives can be costly in terms of time, resources, and finances. But they do provide the guidance for developing a successful approach to information security governance. Perhaps, Forrester said it best when they stated “ISO 17799 provides the structure for a firm to build its program around, but firms must provide the depth of specific controls for their environments to fill in the framework. Consider 17799 as the framing of a house — with it, you can see what the house looks like along with the rooms, but it is up to you to put in the drywall, carpeting, plumbing, and woodwork.” |
Web Link | http://www.wolcottgroup.com/documents/WG_ISO27001PoV_0607C2.pdf |