Home page logo
/

pauldotcom logo PaulDotCom mailing list archives

Re: ISMS Framework - the big picture
From: Arch Angel <arch3angel () gmail com>
Date: Sun, 08 Sep 2013 21:24:20 -0400

ISO 27001 is a standard rather than a framework and it is not published
by BSI.  BSI is a certifying body, and is the primary body for an
organizations site certification.  BSI is also one of the key parties
who sit around the table to develop changes.  ISO 27002 is the control
examples which one might use to accomplish the ISO 27001 certification,
but keep in mind 27002 is not a required piece of documentation, it's
only meant to help you.  Also keep in mind that ISO 27001 will soon be
released later this year.  If you look up ISO 27001 right now you will
find the standard written as ISO 27001:2005 which indicates the year it
was revised.  The release coming later this year, ISO 27001:2013, has
reduced the control from 133 (I believe) to 113'ish but it has focused
greatly on business continuity plans and testing as the previous one
just asked if it is present and tested.  The biggest thing to remember
about ISO 27001 is that everything must be documented and what's
documented must be what's actually taking place.

Here are some questions I have for you:

    Are you doing business with, or expecting to do business which
    requires ISO 27001 certification?

    Have you defined the scope of your ISO 27001 program?
        (Smaller the better for certification)

    Are you doing this just to fall into a better security posture or as
    a general security guideline for the organization?

We are ISO 27001 certified and our organization is in the process of
revamping the entire program, I am also an ISO 27001 auditor.  I would
be more than happy to discuss ISO 27001 with you as well as help you get
documentation for your CIO.

Shoot me a direct email and I'll give you my office contact information
so we can talk in more detail about what you need and how to find it.

-- 

Thank you,

Robert Miller
http://www.armoredpackets.com

Twitter: @arch3angel


On 9/5/13 7:05 PM, marck e. wrote:
Our new CIO has asked us for our information security management
framework.
No endless security risks matrix ,just the big picture preferably with
nice pictures.
I'm having  a hard time finding a picture of ISO 27001 that talks
thousands of words.

What I ve found so far doesn't convince me, here they are some picks:

http://www.wtc-india.com/images/informatiaonsecurity2.jpg
http://aset.azdoa.gov/sites/default/files/media/pics/EA%20Target%20Security%20Architecture.gif

Any help? Any other information security framework picture?

thanks

Marck




_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]