
RE: Skype use obligation - Security x Productivity

To: <pen-test@securityfocus.com>
Subject: RE: Skype use obligation - Security x Productivity
From: "Pretorius, Wynand (ZA - Johannesburg)" <wpretorius@deloitte.co.za>
Date: Wed, 18 Jul 2007 09:01:25 +0200
Good Morning

For the 7799 certification you need to show evidence that the business
decided on using a particular technology that falls within acceptable
levels of risk. Remember the business defines the risk levels. Risks
must be identified, mitigated, accepted or transferred with supporting
evidence.

You cannot fail a company because of their choice of technology. In fact
it is not even about the technology but more the management of the risk. My
advice to you is that if the business chose Skype, ensure that the
supporting processes, secure configuration standards and acceptable use
policy are in place. This will show that the technology is managed and the
risks identified. Also consider a readiness audit before you go for
certification.

Regards

Wynand Pretorius
CISSP CISA CISM ISO 27001 Lead Auditor
Manager 
Enterprise Risk Services
Deloitte & Touche 
Tel switchboard +27 (0)11 806 5000 
Email: wpretorius@deloitte.co.za

World Wide Web http://www.deloitte.com 

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Javier O. Augusto
Sent: 17 July 2007 03:34 AM
To: pen-test@securityfocus.com
Subject: Re: Skype use obligation - Security x Productivity


M.B.Jr. wrote:
> [..] What to do? Risk their efforts in obtaining ISO certification?
>  Guess we need to hear some other professionals.
>
> Thank you, any comment will be extremely useful.
>
Greetings,

You're better off sending this question to "bs7799@securityfocus.com".
Anyway, remember that ISO 17799 guidelines say measurements are not
mandatory...

HTH.

Jay_of_Today

