Monday 8 April 2013

ISO 2700x Standards on the Cheap(ish)

Most people agree that the ISO 2700x family of security standards is a good idea. But like James Joyce's Ulysses, how many have actually read them?

The big problem is that they are expensive to acquire. A casual user is probably unwilling to fork out the money. Even in big organizations it can be difficult to get hold of the standards.

The two main standards, ISO27001:2005 and ISO27002:2005, cost Swiss Francs CHF134.-- (approx $143.00) each on the ISO store. And there are a lot more standards.

Recently I discovered that you can purchase copies of the main 27001 and 27002 standards from ANSI for $30 each. See Useful Links below. This is a big saving compared to the standard ISO price. The main difference is that the branding is from INCITS (InterNational Committee for Information Technology Standards). The text itself seems to be the same. Of the two, the 27002 is the more useful, as it lists many best-practice security controls or measures that you can implement in your organization. The other ISO2700X standards are not available so cheaply through ANSI.

You can also download ISO/IEC 27000:2012 "Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary" for free.

Useful Links

