Re: ISO27002 vs ISO27006

[Leon DuPree <duprleo () GMAIL COM>]

Question does anyone use  Qradar Dashboards Reporting for Complaince to
HIPAA  & Sox?
It looks like those together would provide me with a Baseline to satify CMS
and IRS Compliance for capturing log events


Leon DuPree

On Mon, Sep 15, 2014 at 7:23 AM, Dan Sarazen <dsarazen () brandeis edu> wrote:

> Good Morning,
>
> I have a school (Not Brandeis) that is using ISO27006 as the foundation
> for their Information Security Policy. I'm used to seeing IS policies based
> on ISO27002 or even the NIST 800 series. My understanding of ISO27006 is
> that it outlines the audit processes organizations should use to audit and
> certify their process, versus ISO27002 which is an actual suite of controls
> that should be considered.
>
> Does anyone have any feedback on this?
>
> Thanks
>
> Dan



-- 
Leon DuPree


2 Timothy 2:15 Study to shew thyself approved unto God, a workman that
needeth not to be ashamed, rightly dividing the word of truth.