Callio Technologies BS7799 / ISO17799


BS7799 / ISO17799 Security Software


BS7799 ISO 17799 Security Policies Software

Callio Technologies offers ISO17799 / BS7799-2 compliance tools as well as expertise in: risk and gap analysis; developing codes of practice and information security management systems; drafting security policies based on the ISO 17799 / BS7799 standard; security audits; contingency plans; and consultation and training in computer risk management.

Our first products, Callio Secura 17799, Callio Toolkit Pro and Callio Toolkit are software that help companies comply with the BS7799 / ISO IEC 17799 information security management standard.

Based on BS7799-2 methodology, Callio Secura 17799 offers a complete set of functionalities to help companies with risk assessment, risk management and document management for BS 7799-2 / ISO17799.

Technological solutions, equipment and products are no longer enough to ensure information security management. Now it's imperative that companies possess effective internal controls on what happens to their information. The solution: BS 7799 / ISO17799.

Callio Secura and Callio Toolkit: BS 7799-2 / ISO17799 compliance software, for better management of your information security.









Callio Technologies ISO17799 / BS7799

Callio Technologies was created in 2001 and specializes in the field of information security. Its first product, Callio Secura 17799, is software that offers companies the opportunity to comply with the BS 7799 / ISO 17799 information security management standards.

Callio Technologies’ areas of expertise are: risk analysis; developing security codes of practice and information security management systems; drafting security policies based on BS 7799 / ISO 17799; security audits; contingency plans; and training in computer risk management.

Our mission: enable companies to assess, manage and reduce their computer risks. We provide software and other tools that give you decision-making power supported by complete risk analysis.



BS7799 / ISO17799 Products and Services

Callio Secura 17799, our first product, is a Web application that includes all a manager needs to develop, implement, manage and certify an Information Security Management System (ISMS) based on the ISO 17799 / BS 7799-2 standard – the best for information security management available today. With Callio Secura 17799, you apply a practical method of developing, implementing, managing and certifying an Information Security Management System.



Software solutions for BS7799 / ISO 17799

The Callio Secura 17799 software tool is based on the BS 7799 / ISO 17799 international information security standard. The BS7799 / ISO17799 standard defines the requirements related to information security management systems. Its purpose is to enable companies to identify, treat and limit threats to informational assets.



What is BS7799 / ISO 17799?

The BS7799 / ISO 17799 standard was developed to create a common information security structure and cover technical, administrative and legal aspects. Through ten check points, this standard lists the best practices and procedures companies must implement to manage their computer security well. The implementation of the principles laid out in BS 7799 / ISO 17799 makes it possible to detect, analyze and reduce information risks.

The BS7799 / ISO17799 standard contains two parts:
• ISO IEC 17799 Part 1: The Code of practice for information security

• BS7799 Part 2 (BS7799-2): Information security management: Specifications for guidance for use.



ISO/IEC 17799 (Part 1)

The international standard ISO/IEC 17799 was developed by the British Standards Institution (BSI) as BS 7799. It was adopted through a special “fast track procedure” by the JTC 1 (Joint ISO/IEC Technical Committee), concurrently with its approval by the national member institutes of ISO and the IEC.

ISO/IEC 17799 is presented in the form of guidelines and recommendations that were assembled following consultations with big business. The 36 security objectives and 127 security controls contained in ISO/IEC 17799 are divided among ten domains. The following is a brief overview of each of these domains:

1. Security Policy - Provide guidelines and management advice for improving information security.

2. Organizational Security – Facilitate information security management within the organization.

3. Asset Classification and Control – Carry out an inventory of assets and protect these assets effectively.

4. Personnel Security - Minimize the risks of human error, theft, fraud or the abusive use of equipment.

5. Physical and Environmental Security - Prevent the violation, deterioration or disruption of industrial facilities and data.

6. Communications and Operations Management - Ensure the adequate and reliable operation of information processing devices.

7. Access Control - Control access to information.

8. Systems Development and Maintenance - Ensure that security is incorporated into information systems.

9. Business Continuity Management - Minimize the impact of business interruptions and protect the company’s essential processes from failure and major disasters.

10. Compliance - Avoid any breach of criminal or civil law, of statutory or contractual requirements, and of security requirements.



BS 7799-2 (Part 2)

BS7799 provides conditions for information security management. Comprised of the ten domains and 127 controls of the ISO 17799 standard, this reference applies to the development, implementation and maintenance stages of an information security system. Organizations applying for certification are evaluated according to this document.

An organization that bases its ISMS on the provisions in BS 7799 can obtain certification from an accredited body. The organization thereby demonstrates to its partners that its system both complies with the standard and answers the need for security measures as determined by its own requirements.

It is important to understand that an organization that obtains certification is considered ISO 17799 compliant and BS7799-2 certified.

BS 7799 Part 2 provides recommendations for establishing an efficient information security management framework. BS 7799-2 allows the development of an Information Security Management System (ISMS). The development and implementation stages are laid out in detail, as well as those regarding maintenance. At audit time this document serves as the assessment guide for certification.

BS7799 phase 1: Project Initiation: Learn how to get the ISO 17799 implementation project under way: encourage commitment from senior management, choose and train all members of the initial team taking part in the project.

BS7799 phase 2: ISMS Definition: Identifying the scope and limits of the information security management framework is crucial to the project. Learn to define the mandate of the ISMS and to assemble the organization's existing security documents.

BS7799 phase 3: Risk Assessment: Learn why risk assessment is basic to the implementation of an information security management framework.
1) Diagnosis of the level of compliance with ISO 17799
2) Evaluation of the assets to be protected and creation of an assets inventory
3) Identification and evaluation of threats and vulnerabilities
4) Calculation of the associated risk value

BS7799 phase 4: Risk Treatment: Learn to identify and assess available options for treating risk. Learn how to reduce risk to an acceptable level by selecting and implementing controls.

BS7799 phase 5: Training and Awareness: Employees may represent a weak link in the security chain. Learn how to set up an information security awareness program.

BS7799 phase 6: Audit Preparation: Learn how to authenticate your management framework and to prepare for the visit of an internal auditor for BS 7799-2 certification.

BS7799 phase 7: Audit: Learn more about the steps carried out by external auditors and about BS 7799-2 accredited certification bodies.

BS7799 phase 8: Control and Continual Improvement: Learn how to improve the effectiveness of your ISMS in accordance with the management model recognized by ISO.

 

Available software tools and resources

A range of information security products and services is currently available on the market. Many are based on physical safeguards (locks, gates, fences, extinguishers, guards, etc.) and technical controls (firewalls, biometrics, encryption, etc.). When it comes to adopting administrative safeguards, however, companies often forget how important these are.

But information security isn’t complete without the development and publication of security policies and procedures, or employee awareness and training programs, to name only those. Information security is really an ongoing risk management process and therefore requires tools that meet these needs.

Beyond any doubt, ISO 17799 offers what companies need in order to better manage information security. The best way to implement this standard is to ease the process using multi-user software that will collect the information required and that contains the principal tools that will be needed along the way. Start with a simple and efficient risk assessment tool that generates recommendations based on the ISO 17799 code of practice for each of the informational contexts identified. Add to that a complete methodology, compliance questionnaires, a security policy generator, an integrated document manager, examples, templates and information guides regarding the implementation and audit of ISO 17799 controls, and managers will quickly understand that such a tool can save the company much time and money. This software exists: it is a Web application called Callio Secura 17799, created by Callio Technologies. A demo version of Callio Secura 17799 can be obtained at this address.

 



