
ISO 17799 COMPLIANCE

> OBJECTIVES

Measure an organisation's compliance against the international standard ISO 17799:2005.


> METHODOLOGY

The ISO 17799:2005 standard is an internationally recognised standard used by companies and governments as a roadmap for IT security.

The measurement is done through an interview-style audit in which the auditor asks the people responsible in the company to answer theoretical questions about the security controls they have implemented. These questions cover the following categories:

  • Security Policy
  • System Access Control
  • Computer & Operations Management
  • System Development and Maintenance
  • Physical and Environmental Security
  • Compliance
  • Personnel Security
  • Security Organization
  • Asset Classification and Control
  • Business Continuity Management (BCM)

> BENEFITS

After this project, the customer has a clear view of its security level across the ten main categories of IT security.

This service can also serve as the basis for subsequently proposing a complete security plan to the customer, focusing on the categories where the audit showed a low level.

A light version of this service can also be offered, and can be seen as a business enabler for other projects.