Access "Perspectives: Lessons learned in BS 7799 certification"
This article is part of the July 2005 issue of Why business managers are a breed of security professional
Earning the BS 7799 certification forces enterprises to get organized. Government regulations are forcing enterprises to develop repeatable, auditable security programs. Many security and risk managers are leaning on accepted standards to build umbrella security programs that encompass numerous best practices, demonstrate security, show repeatable processes for compliance and continual improvement, and better organize security efforts and budgets. My organization, the Bank of Montreal (BMO), is the first Canadian company to receive security certification under BS 7799, the British standard for security and the basis of ISO 17799. The ISO standard doesn't have a certification component, but, as we discovered, BS 7799 Part 2 provides a good framework for organizing security activities and maintaining regulatory compliance. Here are some of the lessons we learned during our certification process: Take the training. The BS 7799 certification bodies offer courses on attaining and maintaining certification—they're well worth the time. You will learn the difference... Access >>>
Premium Content for Free.
Linux's Best Friend
Thanks to YUM, Linux updates are as reliable as Old Yeller.
Corrent's SR110 SSL VPN Web Security Gateway
by Mike Chapple, Enterprise Compliance
Read about Corrent's SR110 SSL VPN Web Security Gateway with Check Point Connectra 2.0.
Intrusion Detection: Tripwire's Enterprise 5.0
by Scott Sidel, Contributor
June 2005 review of Tripwire's Enterprise 5.0
The Business Case for Network Security: Advocacy, Governance and ROI
Read a review of the book: The Business Case for Network Security: Advocacy, Governance and ROI.
Finding a comprehensive identity and access management architecture requires leadership to navigate the technology and implementation labyrinth.
To gain buy-in and support for your security policies, it's best to start at the top.
- Linux's Best Friend
Hot Pick: NetContinuum's NC-1000 Application Security Gateway 4.3
NetContinuum's NC-1000 Application Security Gateway v4.3
nCircle's IP360 Vulnerability Management System product review
Product review of nCircle's IP360 Vulnerability Management System pricing, setup, configuration, assessment, and installation feature information.
Recent Releases: Security product briefs, July 2005
Read about the security products released in July 2005.
Meet the New Champions
CIGNA makes business managers responsible for security.
Seven ways to leverage your infrastructure against spyware.
- Hot Pick: NetContinuum's NC-1000 Application Security Gateway 4.3
Layer 8: When security is a losing battle
Publisher's Note: Security goals
How important is malware defense in the minds of security professionals? You may be surprised by our 2005 Security Priorities survey.
Ping: Karen Worstell
Perspectives: Lessons learned in BS 7799 certification
Bank of Montreal shares seven lessons learned as it achieved BS 7799 certification.
- Layer 8: When security is a losing battle
More Premium Content Accessible For Free
For many security teams, "continuous monitoring" is a vague concept associated with FISMA compliance. A continuous monitoring program can be simple ...
The variety and sheer number of network endpoints, users and devices in the enterprise today is driving IT's demands for enhanced security features ...
Enterprises leverage open source software for the perceived quality of the code, but the Heartbleed flaw has made many question their use of ...