Adam Caudill

Security Leader, Researcher, Developer, Writer, & Photographer

ISO 17799

Certifications are good things, or so I’ve always thought. Though the more work I do to help achieve ISO 17799 compliance, the more I’m beginning to dislike them. This has been steadily adding work since I started this job in December, but now that we are only a couple weeks away from what should be our final audit, the work is coming a lot faster. We’re working to ensure everything we have in production meets the requirements of the standard, which has proved to be rather difficult.

The primary issue has been in data access, eliminating all direct SQL queries, and replacing them with stored procedures. While this isn’t that difficult, when there are dozens of systems that need updates, it adds up surprisingly quickly.

Security is always a good thing, and when dealing with sensitive personal information of thousands of people, it’s very important. So I’m not complaining about the security required, but when you are trying to clean up from years of more relaxed practices, it takes a surprising amount of work.
