Welcome to this, the sixth edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to the ISO 17799 information security standard.
The information contained is free to our subscribers and provides guidance on a range of practical issues, plus commentary on recent Information Security incidents.
ISO 17799 SOFTWARE
We are sometimes asked about the role of software/products with respect to ISO17799, particularly the two best known offerings, COBRA and The ISO17799 Toolkit. Where do they fit in? Are they competing products, or do they complement each other? How do they help?
The truth is that they fulfill completely different needs:
A) The ISO17799 Toolkit comprises the basic building blocks: the standard itself (both parts), security policies cross referenced to 17799, and so on. It is intended to 'get you going' on the right path straight away, by providing the basics together with guidance and explanations in the form of presentations, a glossary, a roadmap, etc. It can be seen as an introduction and starter pack for compliance with the standard.
B) COBRA, on the other hand, is designed to help you manage that compliance. It takes you through the standard and ultimately measures your compliance level, pointing out where you fall short. Quite apart from this, it is one of the most widely used (possibly THE most widely used) risk analysis systems in the world... and bear in mind that risk analysis is integral to the requirements of the standard: references to 'as determined by risk assessment' are woven throughout it.
In essence, therefore, one product gets you started and the other helps you manage.
For further information on the ISO17799 Toolkit, and to obtain a copy, see: ISO 17799 Toolkit. For COBRA, see: Security Risk Analysis