BS7799 may not be the most riveting document ever written, and it's unlikely to keep you turning the pages on a long flight, but it is one of the most exacting and influential of the international standards in information security management, and is likely to be used as the base standard around the world. Companies that trade in the UK or with UK companies must work towards it, or face exclusion from contracts with any government body and most major companies. Not only do companies need to conform in order to stay in business, but by conforming, they will become far more resilient in the increasingly dangerous information security world.
Meeting the Standards
BS7799 is an evolving code that is divided into two parts. Part 1 contains guidance and explanatory information; part 2 demonstrates how a company can set up and run an effective "Information Security Management System" (ISMS). The full specification is at www.bsi-global or www.iso.ch.
To gain BS7799 certification a company must show in an organised and codified manner that its ISMS meets the organisation's information security needs. Accreditation is undertaken by a UK Accreditation Service (UKAS) accredited body, which conducts an independent formal review of the ISMS. The review focuses on three questions:
Has this company covered all parts of BS7799?
Is the company's interpretation of the code relevant to its needs?
Is its ISMS being followed in practice, not just on paper?
As part of the audit, the company needs to complete a Statement of Applicability that lists all the requirements in BS7799 Part 2, with an explanation of how it complies with them and a justification for any deviations it may have. This document must be kept up to date and be relevant to the company's needs.
In addition, the company needs to demonstrate that it has a system of scheduled internal audits for the whole ISMS over a reasonable period of time. These audits must be recorded and will usually involve a standard checklist.