This presentation by Michael Rasmussen, Principal Analyst, Forrester Research, was given at Information Security
Decisions Spring 2005.
In many enterprises, information security is characterized as a "fly by night operation," or operating in the dark. Historically, information security has been tactical and reactive as opposed to managed and measured. Increased accountability, liability and regulatory compliance along with the complexity of today's businesses are forcing enterprise security managers to align, manage and measure security around business operations. But before you can measure anything, you need a solid security framework. Where do you turn?
One of the more popular frameworks is ISO 17799, the international security management standard. Although criticized as flawed and incomplete, ISO 17799 has many useful pieces that can help enterprises better structure their security programs and measure performance. In this session, you learn A-Z insights on ISO 17799's strengths and weaknesses, and receive practical advice on how to apply the standard in your own enterprise.
View this presentation
Visit our standards resource center