More on the fun :-( subject of ISO17799

by Anton Chuvakin

Related link:

Some of my blog readers have argued with me - few did so violently - on the role of ISO 17799 standard in security. As I mentioned before, I am still somewhat skeptical about its adoption in the near future. So, this article initially suggested that that its adoption is growing: "In 2002, fewer than 200 organisations worldwide had achieved BS7799 certification, according to the Information Security Management Systems (ISMS) International User Group. Today this number has risen to 1,870."

However, it turned out that US is not in the Top3 standard adopters. While some orgs are using few of the ideas from the ISO documentation, the actual certification is lagging far behind (even behind India...). Any idea why nobody cares to do it? I suspect there is no sufficient pressure or motivation to certify, but the reasons are not entirely clear to me...