Friday, November 2, 2007

ISO 17799 -- it's a control, not a standard

In this quite thorough commentary on ISO 17799, now ISO 27002, the author points out that it is not a standard but rather a set of recommendations. While this may be splitting hairs - 17799 was set out as a set of best practices -nevertheless, the analysis is interesting and useful as it includes suggestions as to how to implement the - uh - standard. ISO 17799 -- it's a control, not a standard

No comments: