Abstract: . . .  interoperability, and reduce redundancy. The resultant ISMS typically consists of tactical, risk based: • Security requirements that can be attained and audited . • Security functions that can be implemented and improved . • Security responsibilities that can be assigned and accounted for. • Security activities that can be defined and scheduled . Applied to discrete and defined security domains, this produces domain specific, operational, and auditable: • Security specifications that may be used to procure and configure tools. • Security procedures that document repeatable methodologies. • Security duties that assign responsibilities to individuals. • Security schedules that assign roles to perform tasks. Process versus Product There is misunderstanding in the industry regarding both the approach, and level of effort required to implement either an ISO 17799 based Information Security Program or a BS 7799-2 certified Security Domain. Many organizations simply wish to start with a “standards based” information security infrastructure, unable to justify the extra effort required for certification. This “standards based” infrastructure will nevertheless leave them well poised to proceed toward certification should the business requirement emerge. Page 15 Copyright 2005 – HotSkills, Inc. Not to be duplicated or distributed without the express written consent of HotSkills, Inc. 14 Other organizations are misled into believing that the purchase of a “product” will automatically make . . .
. . .  worked with multiple government agencies on a variety of mission critical projects, as well as security solutions for the private sector. His area of expertise is in Information Security Management Systems and Risk Management. Tom has a B.S. in Electrical Engineering, as well as various certifications. Page 18 Copyright 2005 – HotSkills, Inc. Not to be duplicated or distributed without the express written consent of HotSkills, Inc. 17 About HotSkills HotSkills, Inc. is the only ISO 17799 Associate Consultancy of both the British Standards Institute (BSI) and Bureau Veritas Quality Institute (BVQI) in North America. HotSkills provides Information Protection & Assurance (information security, data privacy, risk management, audit assurance) advisory services, training, and Subject Matter Expert staff augmentation, in order to help businesses design, develop, implement, and maintain quality-based and certifiable Information Security Management Systems (ISMS). For more information, visit www.hotskills-inc.com .  . . .
--3000,2,750,2676,34685