Risk Associates


Resources for Security Risk Analysis, ISO 17799 / BS7799
Security Policies & Security Audit


"Security Risk Analysis, BS7799, Security Policies and Security Audit Solutions"

The keys to sound security are often considered to be: deployment of a sensible security risk analysis approach, compliance with a recognized standard such as ISO17799 or BS7799, development of comprehensive information security policies and deployment of a detailed security audit programme.

But where to start? Security risk analysis is often presented in a confusing and over-complicated manner, ISO 17799 or BS7799 compliance can seem a daunting task, security policies can be totally ignored in practice, and security audit is sometimes less effective than it should be due to over-stretching of busy audit professionals.

This web site is intended to provide a launch pad to help alleviate these difficulties. For each of these issues in turn, we direct you to a site that details a proven approach and commonly used tool.

Whether you need a security risk analysis method/product, guidance on how to achieve compliance with ISO 17799, BS7799 or your own IT security policies, or whether you simply wish to increase the productivity of your security audit team, the resources below should help.

Security Risk Analysis

Before considering HOW to embrace security risk analysis, it is essential to understand WHAT it is. The following site provides an excellent introduction to the topic:

  • Introduction to Security Risk Analysis

For a shorter and more sales-focused description, visit:

  • Security Risk Analysis Made Easy

The risk analysis methodology outlined by these sites was launched in 1991. It had a dramatic impact and is now used by many major corporations and governments across the world.

Security Policies

Information security policies are all too often well written and then generally ignored. But there are methods to help prevent this and manage compliance enterprise-wide. The following site considers a technique and method to help address this frustrating problem:

A comprehensive set of ISO 17799 compliant pre-written security policies is available for download from the following site:

ISO 17799 / BS 7799

Compliance with ISO 17799 and BS7799 is of growing importance. But it is a substantial task. The scale of the job can be reduced, however, by employing a formal approach and proven product.

The following site describes an approach consistent with that covered above for risk analysis:

BS7799 and ISO 17799 embrace a wide variety of issues. The following covers a wide range of aspects and identifies many compliant resources:

  • The ISO 17799 Directory

If you are seeking a copy of the ISO17799/BS7799 standard itself, this can be downloaded and purchased from The BSI Electronic Shop.

Security Audit

A security auditor's lot can be a very difficult and overworked one. But it IS possible to make security audit a more managed process and simultaneously improve productivity WITHOUT reducing effectiveness. The following site introduces an automated tool used by many organizations to achieve this:

If, however, you are simply seeking a toolkit of questionnaires and checklists with which to audit or review your e-security, we recommend:

For a specialist directory of security and internal audit resources, the following is extensive:


Further Information

Getting a handle on security risk analysis, BS7799 / ISO 17799, security policies and security audit is critical in ensuring that appropriate security is delivered as productively and effectively as possible. The above sites should help you to achieve this. If, however, you need further assistance or guidance, please contact us.