Saturday, 26 October 2013

ISO 27001:2013, 27002:2013 and James Joyce

The latest versions of the two ISO flagship standards are now available through ISO and other standards organisations such as BSI.

They are a bit like James Joyce's novel "Ulysses". Everybody agrees it's great, but very few have actually read it.

The problem with the ISO standards is that they are expensive. Each one costs in the region of £100. They are not for the casual user. On the other hand, they will be valid for the next 7 to 8 years, going by the lifespan of previous versions. If you are seriously interested in information security, you should consider investing.

Of the two, 27002:2013 is probably the more useful. It lists various security controls that could be implemented across a range of areas.

The site gives a good overview of the contents of the 27002 standard.

If you don't want to fork out the money, then consider looking at the NIST Special Publication series. These are free. Start with Managing Information Security Risk. This is the flagship document in the series. Section 1.3 links to the other important documents within the Special Publication series. Note that the NIST documents are meant to align with the ISO standards:
"The concepts and principles contained in this publication are intended to implement for federal information systems and organizations, an information security management system and a risk management process similar to those described in ISO/IEC standards"

