For years, organizations have been searching for an objective benchmark to measure the security of potential business partners and to distinguish the quality of their own services. While not perfect, ISO 17799 is emerging as the standard of choice because it overcomes many of the critical deficiencies of SAS 70. Specifically, it provides a comprehensive set of security-related topics and an objective means of measuring compliance against them. The certification mechanisms prescribed by the standard are largely unworkable, and pursuing certification will not make economic sense for most organizations. Nevertheless, if compliance rather than certification is one's goal, ISO 17799 will serve as a sound security baseline for many organizations.