Security building blocks with ISO 17799
This presentation by Michael Rasmussen, Principal Analyst, Forrester Research, was given at
Decisions Spring 2005.
In many enterprises, information security is characterized as a "fly
by night operation," or
operating in the dark. Historically, information security has been tactical and reactive as opposed
to managed and measured. Increased accountability, liability and regulatory compliance along with
the complexity of today's businesses are forcing enterprise security managers to align, manage and
measure security around business operations. But before you can measure anything, you need a solid
security framework. Where do you turn?
One of the more popular frameworks is ISO 17799, the international security management standard.
Although criticized as flawed and incomplete, ISO 17799 has many useful pieces that can help
enterprises better structure their security programs and measure performance. In this session, you
learn A-Z insights on ISO 17799's strengths and weaknesses, and receive practical advice on how to
apply the standard in your own enterprise.
View this presentation
Visit our standards
This was first published in May 2005
Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.