BS 7799/ISO 17799
Certifications a magic bullet for e-security! May 25 2007 10:05AM
Vijay Mukhi (vmukhi vsnl com) (3 replies)
Re: Certifications a magic bullet for e-security! May 25 2007 10:56AM
Vivek P (iamherevivek gmail com) (1 replies)
Hi sir,

It is a pleasure replying to a frank query which has not come out of
the higher management of companies. It is clear that many of the
organisations fail to be secure even if they get ISO compliant.

My point is to explain why (at least in India) this is the situation:

1. The first & foremost point in ISO is the process:
Security is a process; it cannot be just like plugging in
the stuff & relaxing!! It has to be done with dedication & supported by
a team of experts. It is not the way things are handled.

2. The system which drives an organisation is not security conscious:
It has been seen that the management that runs the
organisation is not clear about the severity of lack of security. The
awareness is really low in the crowd about how crucial security can
get.

3. The last but most serious is that these guys pass on the baby when
something goes wrong:
When there occurs a security issue, the organisation
blames the security team (if at all outsourced), else the internal team
is set on fire... There is no real.

The solution is simple and clear: a security audit is good once the
system (the organisation) is set with a clean architecture, bug free,
secured as far as possible & well maintained.

An ISO audit is to check whether an organisation is compliant to the
industry standards, not to make an unorganised workforce into a
formalised one.

This is my personal opinion...

Thanks for your time.
--
Vivek P Nair
Vice President, Technology
ASG
www.vivekpnair.co.nr
iamherevivek (at) gmail (dot) com [email concealed]

d3@d Br@iN
"I thought I would change the world, but they wouldn't gimme the source code!!"
------------------------------------------------------------------------
On 5/25/07, Vijay Mukhi <vmukhi (at) vsnl (dot) com [email concealed]> wrote:
> Dear All
>
> I know of companies that have received the ISO 27001 certificate and
> the next day been hacked or their security compromised. For some reason
> there is the belief that if you are certified then you are more secure. At
> least in India this is what senior management thinks. I believe that over
> time this will give certifications a bad name. How do we delink the fact
> that just because you are certified does not make you more secure? There is
> and can be no magic bullet for e-security that companies can bite. Any
> responses?
>
> Vijay Mukhi
> CEO
> Counter Espionage Officer

Copyright 2010, SecurityFocus