BS 7799 COMPLIANCE & USING THE COBRA METHOD
The BS7799 COBRA Compliance Product
First published in February 1995, BS7799 is a comprehensive set of information security controls. It is intended to serve as a single reference point for identifying a range of controls needed for most situations where information systems are used. BS7799 was significantly revised, extended and improved in May 1999, before being republished as ISO 17799 in Dec 2000. In June 2001, BSI released an electronic version of the standard for online download and purchase (available from the BSI Electronic Shop).
With BS7799 accreditation and certification schemes now also firmly in place, BS 7799 may ultimately become a benchmark against which all organizations will be measured. There have even been suggestions of mandatory inclusion of an organization’s BS7799 status within its annual report.
But how do you measure your BS7799 compliance level? Thereafter, how should you plan and implement changes to improve the situation? In short, how do you shape up to BS7799 and what can you do to comply?
COBRA BS7799 Consultant is a knowledge-based PC product designed to guide you through this exercise. It will carefully measure your compliance, making specific recommendations where appropriate.
Through a series of questions with multiple choice responses, COBRA will take you through the whole of the standard. It will:
- Establish your compliance level for each of the ten categories covered
- Identify which additional controls can be applied to increase compliance and thus improve your security
- Produce a comprehensive and professional report, in business format.
COBRA is extremely easy to use, and requires no prior training. It is extremely flexible, focusing upon your individual needs and culture. Unlike other approaches, it is not just ‘an electronic tick list’. In short, COBRA delivers added value – containing real knowledge and expertise. It acts as a true consultant, but with unquestionable objectivity.
If you wish to gauge your position against the code, or simply wish to improve your security and compliance level, COBRA is the essential aid.
Through an optional Module Manager component, the facility is provided to tailor the system to unique individual requirements or company culture. The questions, reports, underlying profiles and recommendations can all be readily and easily changed using this system.
BS7799 mandates security risk analysis. With COBRA, however, the solution is readily available – the sister component of COBRA BS7799 Consultant is COBRA Risk Consultant… the leading security risk analysis product!