The big problem is that they are expensive to acquire. A casual user is probably unwilling to fork out the money. Even in big organizations it can be difficult to get hold of the standards.
The two main standards ISO27001:2005 and ISO27002:2005 each cost Swiss Francs CHF134.-- (approx $143.00) each on the ISO store. And there are a lot more standards.
Recently I discovered that you can purchase the main 27001 and 27002 copies of the standards from ANSI for $30 each. See Useful Links below. This is a big saving compared to the standard ISO price. The main difference is that the branding is from INCITS ((InterNational Committee for Information Technology Standards)). The text itself seems to be the same. Of the two, the 27002 is the more useful, as it lists many best practice security controls or measures that you can implement in your organization. The other ISO2700X standards are not available so cheaply through ANSI.
You can also download ISO/IEC 27000:2012 "Information technology -- Security techniques -- Information security management systems -- Overview and vocabulary" for free.
- ISO/IEC 27000:2012 (Free)
- ANSI INCITS/ISO/IEC 27001-2005 ($30)
- ANSI INCITS/ISO/IEC 27002-2005 ($30)
- Ulysses (Priceless)
Social: del.icio.us DiggIt! Reddit Stumble Google Bookmarks Technorati Slashdot
Post a Comment