BS 7799/ISO 17799
RE: BS7799/ISO 27001/ ISO 17799 Dec 22 2006 01:09PM
Sussman, Bruce (Bruce_Sussman nyce net) (2 replies)
This may seem like an unknowing question - I am new to this board, so
please bear with me.

Who grants the certifications? Is there a central authority, or does the
organization desiring certification contract with a qualified assessor
(CISA, CISSP)? Thank you

Bruce Sussman
Vice President, Risk & Fraud Solutions
NYCE Payments Network, LLC
400 Plaza Drive
Secaucus, NJ 07094
201 605 4841
973 632 9873 cell

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Sreeraj Gopinathan
Sent: Thursday, December 21, 2006 9:08 PM
To: 'Fawaz Ghali'; bs7799 (at) securityfocus (dot) com [email concealed]
Subject: RE: BS7799/ISO 27001/ ISO 17799

There is a certain amount of confusion regarding the background and
process of getting the certification. There is BS7799, ISO17799 and now
ISO27001.
Then we have BS7799 Part 1 and Part 2. On top of that we see names with
the year appended to them (BS7799-2:2002, ISO27001:2005 etc). On the positive
side, things are getting simpler and the ISO27000 series will become the
family of standards for information security (like ISO9000 for Quality
Management System).

History

The original BS7799 Standard was published by the British Standards
Institute (BSI) in 1995. It provided a code of practice for information
security management. Later this became Part 1, when a second part was
published by BSI in 1999. BS7799 Part 2 focused on how to implement an
Information Security Management System (ISMS) and had provision for
obtaining a certification against the standard.

BS7799 Part 1, after several revisions, was eventually adopted by ISO as
ISO17799 in 2000. As this is primarily a code of practice, there was no
provision for certification against ISO17799. The ISO certification for
information security management came into existence when BS7799 Part 2
was adopted by ISO as ISO/IEC 27001 in November 2005.

It is simple - BS7799 Part 1 and ISO17799 give codes of practice, and there is no
certification against them. The certifications are only against BS7799-2
and ISO27001. Prior to the release of ISO27001, organizations certified
against the BS7799-2 standard. Now the certification is against
ISO27001.
Organisations can also upgrade their certifications from BS7799-2 to
ISO27001.

Hope this didn't add to the confusion.

Cheers
Sreeraj

-----Original Message-----
From: listbounce (at) securityfocus (dot) com [email concealed] [mailto:listbounce (at) securityfocus (dot) com [email concealed]]
On Behalf Of Fawaz Ghali
Sent: Thursday, December 21, 2006 9:21 PM
To: bs7799 (at) securityfocus (dot) com [email concealed]
Subject: BS7799/ISO 27001/ ISO 17799

Hi
Are these: BS7799, ISO 27001 and ISO 17799 the same? :s :s

Merry Christmas all :D :D

Fawaz

>From: "Vikrant" <vikrant (at) albahja (dot) com [email concealed]>
>To: <bs7799 (at) securityfocus (dot) com [email concealed]>
>Subject: BS7799 to ISO 27001
>Date: Wed, 20 Dec 2006 12:28:10 +0400
>
>Hi group,
>
>How different is BS7799 to ISO 27001 ?
>
>regards
>


Copyright 2010, SecurityFocus