Abstract: . . . basically incomplete, the issue for US interests is whether to pursue compliance with the current standard, or wait for much-needed enhancements.

Risks

Failure to implement ISO 17799 offers a number of risks, particularly for private sector firms.

1. Competitive Pressure

Regardless of any shortcomings, ISO 17799 represents a significant step forward in implementing complete and comprehensive enterprise security. Some firms that elect to implement the standard will attempt to make ISO certification a market differentiator. In a competitive situation where security is a major concern, a firm that adopts ISO 17799 may declare: "We are ISO security certified. Firm X is not." If successful, such a campaign might force Firm X into a hasty, expensive, and less-than-effective catch-up effort.

2. Waiting for the Perfect Standard

While the standard itself "needs work," the basic objectives of ISO 17799 (as outlined in Table 1) should be pursued NOW. Waiting for revisions to be completed only delays the provision of greater security.

Recommendations

In light of the risks inherent in ignoring ISO 17799, as well as the standard's incomplete status, here is a list of recommendations:

1. Review the current version of ISO 17799 and examine each of the 127 security controls. For each control, determine:
   - Relative importance (either high, medium, or low); and
   - Level of compliance (either full, partial, or no compliance).
   Remember: Not all . . .

. . . G. Barr is a leading business continuity analyst and business writer with more than 25 years' IT experience. A member of "Who’s Who in Finance and Industry," Mr. Barr has designed, developed, and deployed business continuity plans for a number of Fortune 500 firms. He is the author of several books, including How to Succeed in Business BY Really Trying, a member of Faulkner's Advisory Panel, and a managing editor for Faulkner's Security Management Practices. Mr. Barr can be reached at jgbarr@faulkner.com.

Site content copyright 2002, Faulkner Information Services. All rights reserved.