PaulDotCom mailing list archives
Re: ISMS Framework - the big picture
From: Arch Angel <arch3angel () gmail com>
Date: Sun, 08 Sep 2013 21:24:20 -0400
ISO 27001 is a standard rather than a framework, and it is not published by BSI. BSI is a certifying body, and is the primary body for an organization's site certification. BSI is also one of the key parties who sit around the table to develop changes. ISO 27002 is the control examples which one might use to accomplish the ISO 27001 certification, but keep in mind 27002 is not a required piece of documentation; it's only meant to help you.

Also keep in mind that a revised ISO 27001 will be released later this year. If you look up ISO 27001 right now you will find the standard written as ISO 27001:2005, which indicates the year it was revised. The release coming later this year, ISO 27001:2013, has reduced the controls from 133 (I believe) to 113 or so, but it has focused greatly on business continuity plans and testing, as the previous one just asked if it is present and tested.

The biggest thing to remember about ISO 27001 is that everything must be documented, and what's documented must be what's actually taking place.

Here are some questions I have for you:

- Are you doing business with, or expecting to do business with, someone who requires ISO 27001 certification?
- Have you defined the scope of your ISO 27001 program? (The smaller the better for certification.)
- Are you doing this just to fall into a better security posture, or as a general security guideline for the organization?

We are ISO 27001 certified and our organization is in the process of revamping the entire program; I am also an ISO 27001 auditor. I would be more than happy to discuss ISO 27001 with you as well as help you get documentation for your CIO. Shoot me a direct email and I'll give you my office contact information so we can talk in more detail about what you need and how to find it.

-- 
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel

On 9/5/13 7:05 PM, marck e. wrote:
> Our new CIO has asked us for our information security management framework. No endless security risk matrix, just the big picture, preferably with nice pictures. I'm having a hard time finding a picture of ISO 27001 that talks thousands of words. What I've found so far doesn't convince me; here are some picks:
>
> http://www.wtc-india.com/images/informatiaonsecurity2.jpg
> http://aset.azdoa.gov/sites/default/files/media/pics/EA%20Target%20Security%20Architecture.gif
>
> Any help? Any other information security framework picture?
>
> thanks
> Marck
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- ISMS Framework - the big picture marck e. (Sep 06)
- Re: ISMS Framework - the big picture Dimitrios Kapsalis (Sep 07)
- Re: ISMS Framework - the big picture Jon Molesa (Sep 07)
- Re: ISMS Framework - the big picture KP (Sep 08)
- Re: ISMS Framework - the big picture Tim Krabec (Sep 08)
- Re: ISMS Framework - the big picture Arch Angel (Sep 09)