Security risk analysis is a basic requirement of ISO 17799 and is referenced throughout the standard. Various resources are available to assist with this. However, COBRA provides not only a comprehensive and flexible approach to risk analysis, but is very straightforward to use. The ISO17799 compliance solution described earlier on this web site is also an integral feature.
For information on COBRA and security risk analysis, visit ===> here
To download COBRA for evaluation, visit ===> here
ISO17799 STARTER KIT
The ISO17799 Toolkit is basically a starter pack for the standard. It contains a number of key elements: the standard itself; a set of hundreds of security policies compliant with, and referenced to, ISO1799; a road map for certification; an audit kit for section 12; a presentation on the standard, a business continuity kit; and so on.
For further information visit ===> here
ISO 17799 is very clear with respect to security policies: "Management should set a clear policy direction and demonstrate support for, and commitment to, information security through the issue and maintenance of an information security policy across the organization". However, developing and deploying ISO17799 compliant security policies can be a formidable exercise. Fortunately, a set of fully ISO17799 compliant policies has already been developed, as has an optional interactive deployment mechansism.
For information on the ISO17799 security policies, and the deployment method, visit ===> here
To download both or either for evaluation, visit ===> here
THE ISO 17799 STANDARD
The ISO 17799 standard itself can be downloaded and bought from the BSI/Matrix0 Electronic Shop.
The e-Security Toolkit comprises security questionnaires and checklists with which to audit or review e-security systems. It covers LAN/networks, firewalls, internet, data access, etc.
For further information, visit ===> here