ISO 17799 - ESTec Security

By: Estec Security  09-12-2011
Keywords: Iso, Security Management, risk assessment

ISO 27001 / ISO 17799 / BS 7799

These standards are the gold standard for Information Security Management Systems. Properly implemented, ISO 27001 / ISO 17799 / BS 7799 allow your organization to achieve a continually improving level of information security. While ISO 27001 / ISO 17799 / BS 7799 do not in themselves prevent intrusions and data loss, they provide a management structure that ensures a reasonable level of information security for your organization. ESTec has certified ISO 27001 / ISO 17799 / BS 7799 auditors who can assist your organization to prepare for and achieve registration as an ISO 27001 / ISO 17799 / BS 7799 compliant organization. If registration is not important to you, we can instead assist you to set up an ISO 27001 / ISO 17799 / BS 7799 compliant management structure that would facilitate a future registration.

The standards are similar to the ISO 9000 series of quality management standards. ISO 27001 / ISO 17799 / BS 7799 require management to make a commitment to information security and then to regularly review how the organization is achieving that commitment. This is done through risk assessment and incident handling: a risk assessment allows management to prioritize protection activities, and incident handling allows the organization to evaluate how successful it has been in achieving those priorities.

The benefit of ISO 27001 / ISO 17799 / BS 7799 to the organization is better control over information security and a more defensible company if you are ever sued for a disclosure of personal or confidential information. Over 30 countries either require ISO 27001 / ISO 17799 / BS 7799 certification for some organizations, or are considering requiring ISO 27001 / ISO 17799 / BS 7799 certification. If your organization handles personal information, financial information about private individuals, processes data for other companies, or is regulated in any way you should seriously evaluate what ISO 27001 / ISO 17799 / BS 7799 can offer you.

For more information on making your organization compliant with the standards or achieving registration, please contact one of our certified auditors.

SOX Compliance

Another benefit of ISO 27001 / ISO 17799 / BS 7799 certification is that it provides an externally verified way of showing SOX compliance in the information security areas. An organization can expand the scope of ISO 27001 / ISO 17799 / BS 7799 beyond basic information security management to include other areas of compliance. This can greatly help an organization to demonstrate to regulators, investors and others that compliance has been achieved and is being actively managed.


Implementing ISO 27001 / ISO 17799 / BS 7799 requires a significant commitment of resources. Skills in ISO 27001 / ISO 17799 / BS 7799 are in very short supply. Our ISO 27001 / ISO 17799 / BS 7799 certified personnel can provide a technology transfer to your organization by guiding your IT department through the implementation process. We can also offer certified ISO 27001 / ISO 17799 / BS 7799 auditors to assist your internal audit department in monitoring the implementation of ISO 27001 / ISO 17799 / BS 7799.

