Copyright © 2013 IsecT Ltd.
Sources of the ISO27k standards themselves
- ANSI sells “INCITS” versions of ISO/IEC 27001, ISO/IEC 27002 and ISO/IEC 27006 as PDF downloads for just US$30 each. These are the official, legitimate, single-user versions, not pirated rip-offs, and as such are great value. The standards can also be purchased rather more expensively from ISO, from the national standards bodies such as the British Standards Institute and from various commercial organizations. There are several sources, so shop around for the best deals, for example on Google.
- Several national standards bodies release translated versions of the ISO/IEC standards in their own languages. They all go to great lengths to ensure that the translations remain true to the original, causing some delay while the English language versions from ISO/IEC are translated, reviewed and released.
Further info on the ISO27k standards & their implementation
General information security management sources
- A piece by Ted Humphreys explaining the purpose and value of ISO/IEC 27001 might be a good way to introduce the ISO27k concept to your managers. It incorporates endorsements by companies that have benefited from adopting the standards.
- A ROSI calculator takes user-entered values for Single Loss Expectancy to calculate Annual Loss Expectancy, then assesses the projected annual cost savings due to controls, and finally offsets the cost of those controls to generate the Return On Security Investment - which is fine if you can estimate the costs and effectiveness of your controls (good luck!).
- A French government website dedicated to information systems security provides, amongst other stuff, the risk assessment methodology EBIOS and associated tool for Windows, Linux ...
- IT security guidance from the Canadian Government has some interesting documents on risk assessment etc.
Miscellany
- “ISO” is not actually an acronym but the official name of the Swiss organization responsible for coordinating the world’s national standards bodies. Joint Technical Committee 1 (JTC1) looks after ISO’s IT standards, while JTC1 Sub Committee 27 (JTC1/SC27) is specifically responsible for the standards covering IT security techniques. JTC1/SC27 is busy, judging by the number of security papers currently under consideration for encryption, privacy and identity management as well as ISO27k.
- ISSEA (the International Systems Security Engineering Association) is a non-profit professional organization dedicated to the adoption of systems security engineering as a defined and measurable discipline.
- IsecT Ltd. owns and operates this website along with several others, including our corporate website, NoticeBored (our innovative ISO27k-aligned security awareness subscription service) and SecurityMetametrics, describing PRAGMATIC security metrics.