Saturday 26 October 2013

ISO 27001:2013, 27002:2013 and James Joyce

The latest versions of the two ISO flagship standards are now available through ISO and other standards organisations such as BSI.

They are a bit like James Joyce's novel "Ulysses". Everybody agrees it's great, but very few have actually read it.

The problem with the ISO standards is that they are expensive. Each one costs in the region of £100. They are not for the casual user. On the other hand, they will be valid for the next 7 to 8 years, going by the lifespan of previous versions. If you are seriously interested in Information Security, you should consider investing.

Of the two, 27002:2013 is probably the more useful. It lists various security controls that could be implemented across a range of areas.

The site http://www.iso27001security.com/html/27002.html gives a good overview of the contents of the 27002 standard.

If you don't want to fork out the money, then consider looking at the NIST special publication series. These are free. Start with Managing Information Security Risk. This is the flagship document in the series. Section 1.3 links to the other important documents within the special publication series. Note that the NIST documents are meant to align with the ISO standards:
"The concepts and principles contained in this publication are intended to implement for federal information systems and organizations, an information security management system and a risk management process similar to those described in ISO/IEC standards"




12 comments:

  1. Useful information. Thanks for sharing information.

    ISO 27001 Certification

  2. Thanks for sharing information about ISO 27001:2013, it was an awesome post. This is very useful for Information security management system.

    ISO 27001:2013 Certification Training

  3. Very good post, I was really searching for this topic, as I wanted this topic to understand completely and it is also very rare in internet, that is why it was very difficult to understand.

    ISO 27001:2013 Auditor Training

  4. This comment has been removed by the author.

  5. This comment has been removed by a blog administrator.

  6. Pretty nice post. I just stumbled upon your weblog and wanted to say that I have really enjoyed browsing your blog posts. After all I’ll be subscribing to your feed and I hope you write again soon! ISO 9001 toolkit

  7. Having the great experience to be on your blog. Thanks for posting nice information about it. I am very happy to have found this post helpful. Iso 27001 Process Definition India

  8. Great job for publishing such a nice article. Your article isn’t only useful but it is additionally really informative. Thank you because you have been willing to share information with us. Read more info about Iso Certification in Dubai

  9. It is truly a well-researched content and excellent wording. I got so engaged in this material that I couldn’t wait to read. Read more info about ISO 9001 certification in Abu Dhabi. I am impressed with your work and skill. Thanks.

  10. I read the above article and I got some unique sort of data from your article about a sleeping pad. It is a useful article to upgrade our insight for us. Appreciative to you for sharing an article like this. Iso 27001 Implementation Chennai

  11. I found decent information in your article. I am impressed with how nicely you described this subject. It is a gainful article for us. Thanks for sharing it. Iso 9001 Certification In UAE

  12. As Tripwire reports, the Department of Defense has rolled out the CMMC Certification (Cybersecurity Maturity Model Certification) in January of this year.

    CMMC
