25 ISO 9001 as a Bellwether for 17799

Adoption of ISO 9001
[Chart: ISO 9001 certifications by year, 1995 to 2001. Left axis: United States, 0 to 40,000 in steps of 5,000. Right axis: Worldwide, 0 to 600,000 in steps of 100,000. Series: United States, Worldwide.]
Source: http://www.iso.ch/iso/en/prods-services/otherpubs/pdf/survey11thcycle.pdf

Copyright © 2003, Software Productivity Consortium NFP, Inc.

26 How SPC Helps its Members
• We teach BSI’s 5-day information security courses
  – ISO 17799: Implementing Information Security Management Systems
  – BS 7799-2: Auditing Information Security Management Systems
• Support evaluation of candidate certification bodies
• Help develop required analysis and documentation
• Assess compliance using gap analysis between “ideal model” and current implementation
• Plan for and review remedial actions
• Conduct shadow certification audits

27 Consortium Membership

28 For More Information
• Presentations and papers on 17799 and 7799 available on Software Productivity Consortium public website
  – http://www.software.org/pub/externalpapers/
• ISMS International User Group
  – http://www.xisec.com/
• CSO magazine article March 2003 “Guiding Lite”
  – http://www.csoonline.com/read/030103/lite.html
• Purchase standards
  – http://webstore.ansi.org/ansidocstore/product.asp?sku=ISO/IEC+17799:2000
  – http://www.ceem.com/infosecurity_standards.asp
• Auditor certification
  – http://www.irca.org/home.html

29 Acronyms
BS – British Standard
BSI – British Standards Institution
CEO – Chief Executive Officer
FERPA – Family Educational Rights and Privacy Act
HIPAA – Health Information Portability and Accountability Act
IRCA – International Register of Certificated Auditors
ISMS – Information Security Management System
ISO – International Standards Organization
RAB – Registrar Accreditation Board
ROC – Republic of China
SPC – Software Productivity Consortium
UAE – United Arab Emirates
UK – United Kingdom
UKAS – United Kingdom Accreditation Service
US – United States