ISO 17799 a Good Kickoff for Compliance

Ken Hardin

Your first reaction after reading this overview piece at ComputerWeekly.com on the raft of compliance schemes now facing business might be to throw your hands up in helpless frustration.

Aside from spending big bucks on some of the enterprise-class compliance suites touched on in the article -- and for those of you at large enterprises, get your checkbooks ready -- how are you supposed to stay on top of PCI, Sarbox, the UK Data Protection Act 1998, ad nauseam?

The common-sense advice here is to start by getting your general security posture in line by adopting the International Standards Organisation's ISO 17799. Not that 17799 is the end game in compliance; sources quoted in the ComputerWeekly piece note that PCI is so granular to credit card processing that it simply must be tackled as a stand-alone concern.

But an ISO 17799 audit will at least let you get your hands around what you may be doing wrong, and stand as the starting point for more finely tuned system and process enhancements. And the entry points to this process don't have to cost a lot of money.

Just so you don't start feeling too comfortable -- ComputerWeekly.com points to auto-lockdown systems employed by the Pentagon as examples of where serious compliance solutions may be headed.

Jul 6, 2007 1:44 AM, Mike says:

I think meeting the ISO 17799 standards also helps in complying with many other regulations. A crosswalk matrix poster between different regulations is a very useful tool for a compliance team and risk management office. This poster is a crosswalk between: ISO 17799, COBIT 4.0, Sarbanes-Oxley, HIPAA, Payment Card Industry (PCI), GLBA, NERC CIP standards and PIPEDA (Canada). http://www.compliancehome.com/symantec/