I'm looking for a list of various Information Security Management
Standards, such as ISO 17799, COBIT, NIST, and much more. What are
their major differences and goals? |
Request for Question Clarification by pafalafa-ga on 26 Oct 2005 05:31 PDT
mohu-ga,
There's a pretty good, pretty recent comparison presentation of ISO
17799, COBIT, NIST, ITIL, CSIRT, SANS, MITRE and a few others:
http://www.scienton.com/7799ug/docs/June14-05_JFL.pdf
Please have a look, and let me know how well this meets your needs,
and what sort of additional information you'd need to make for a
complete answer to your question.
Thanks,
pafalafa-ga
|
Clarification of Question by mohu-ga on 26 Oct 2005 06:21 PDT
The link below is more focused on explaining ITIL modules in regards
to security standards.
I already found many of the standards in use: COBIT, COSO, ISO 17999,
Australian standard 17799, NIST 800.xx, ISO/IEC 13335, SYSTrust, ISF,
Practice ITIL, BSI, Basel II, Sarbanes-Oxley Act, MITS, NSA security
configuration, and others. That is a big list :-(
I need to know how they're categorized, based on what, what the major
goal of each is, and the differences between them (usage, implementation,
integration, validity, etc.).
|
Request for Question Clarification by pafalafa-ga on 26 Oct 2005 06:44 PDT
Thanks for the clarification.
This paper:
http://www.sandia.gov/scada/documents/sand_2002_0131.pdf
An Introduction to Information Control Models
appears to cover all the major Security Management models, with a
description of each, and a cross-model comparison.
At 88 pages, it might be more information than you had in mind, but
then again, perhaps not.
Take a look, and let me know what you think.
paf
|
Clarification of Question by mohu-ga on 27 Oct 2005 01:11 PDT
That is a good start! The document describes controls implementation,
but it doesn't show usage differences such as [category (government,
business, industry, etc.), major differences, reason for accepting
one standard over the other, trend compared to others].
The focus is on capturing details of each compared to the others.
|
Clarification of Question by mohu-ga on 31 Oct 2005 02:14 PST
Hi,
Any update on this?
|
Clarification of Question by mohu-ga on 08 Nov 2005 23:56 PST
Hi,
Ok, are you able to find me the category differences, i.e. where each can be applied?
Thanks,
|
Request for Question Clarification by pafalafa-ga on 09 Nov 2005 04:02 PST
mohu-ga,
I've only come across a handful of documents that discuss the
particulars of the various standards in any detail.
But as far as I can see, they really don't get into the type of
comparative assessment you're looking for -- differences in usage, and
rationale for choosing one standard over another. Instead, they focus
on descriptions of the different systems, along the lines of the
documents I already linked you to.
I'll let you know if anything else comes up.
pafalafa-ga
|