

Monday, August 6, 2007


We are sometimes asked about the role of software/products with respect to ISO17799, particularly the two most well known offerings, COBRA and The ISO17799 Toolkit. Where do they fit in? Are they competing products, or do they complement each other? How do they help?

The truth is that they fulfil completely different needs:

A) The ISO17799 Toolkit comprises the basic building blocks: the standard itself (both parts), 17799 cross-referenced security policies, and so on. It is intended to 'get you going' on the right path straight away, by providing some basics, as well as guidance and explanations by way of presentations, a glossary, a roadmap, etc. It can basically be seen as an introduction and starting pack for compliance with the standard.

B) COBRA, on the other hand, is designed to help you manage that compliance. It takes you through the standard and ultimately measures your compliance level, pointing out where you fall short. Quite apart from this, it is one of the most widely used (possibly THE most widely used) risk analysis systems in the world... and bear in mind that risk analysis is integral to the requirements of the standard... references to 'as determined by risk assessment' are almost interwoven throughout.

In essence, therefore, one product gets you started, the other helps you manage.

From :
