Security Basics mailing list archives
Re: ISO 27001 mapping to PCI
From: Mike Lococo <mikelococo () gmail com>
Date: Mon, 25 Feb 2008 19:02:30 -0500
What am I missing here? I probably sound real dumb, but why are we mapping standards to each other?
I believe that the value of mapping these standards to each other allows for the qualification of the organization against multiple standards without requiring a duplication of efforts. Where standards match other standard's requirements an organization can count those steps as well. Measure twice, cut once.
In particular, folks like to map against ISO 27001/27002 because it's fairly comprehensive. They use it as their common language to refer to all internal security controls, and do all their implementation and audit using that vocabulary. Then when they want to check compliance against another standard, they map it to ISO 27001 and end up with a checklist they can pass around internally or query their configuration management database for.
Thanks, Mike Lococo