ISO 27001, ISO 27002 & ISO17799 User Group: Forums
17799.Com :: View topic - Interpretation of control A9.4.6 - Segregation of Networks
I think that segregation in networks is one of the most important controls in ISO17799.
It isn't just about protecting the core applications or separating internet and intranets...
Most companies today need to protect each department from each other so that when one network is compromised, it will be much harder for an employee or an attacker to propagate to other targets within the company.
When we do a pen test, instead of trying to compromise a secure DMZ directly, we will target people who have legitimate access to sensitive systems, such as people in operations or development.
Even when development doesn't have direct access to production and all changes have to go through QA... The people in QA only do user acceptance testing (UAT); they rarely perform a code security review and look for backdoors or vulnerable code.