iso 17799

Download Free ISO27001/ISO17799 Software Development Lifecycle Vulnerabilities Checklist

Controls over data handling.
Are inventories kept up-to-date? Is there an inventory for physical media, especially those that may contain sensitive corporate data? Can an authorized user simply put a diskette in his or her pocket and walk out of the building? How is paper eliminated from the office space? Are shredders used to make removal of sensitive documents from trash cans more difficult?

Weak or missing physical controls.
Are key elements of a network located in a shared location? In many cases, the security of a system may be bypassed by simply booting the system from a floppy diskette. Does the organization require employee identification badges to be worn? More importantly, if employees notice someone walking around the building without a badge, are they trained to question the person or bring his or her presence to someone's attention? These are just a few questions that address physical security concerns that can affect the security of a computer system if left unchecked.

Here's some of the fact:
- ITIL strong in IT processes , but limited in security and system development

- CobiT's trong in IT controls and IT metrics , but does not say how (i.e. proces s flows ) and not that strong in security

- ISO 17799 strong in security controls , but does not say how (i.e. process flows )

Conclusion: