Visitor feedback


	Thanks to those of you who have completed the website visitor survey, we’re getting a better idea of which parts of the site are more or less popular, and hence where we need to make less or more of an effort (or change the site structure: maybe we should drop the least popular pages?).

The texts in red below are genuine requests and comments submitted to the website visitor survey. Our responses follow in black. We really appreciate the feedback and encourage you to let us know what you think. Your improvement suggestions help us decide what to work on next and encourage us to do even more for the community of ISO27k users. If there’s something we’ve missed or got wrong, do let us know. If there’s something you really like, it’s nice to know that too! [There is yet more user feedback on the ISO27k Forum page.]

“This site is really great. it helps budding security practitioners however its too much closed. knowledge is to be shared (i am not against moderation). so please open the group to all. let us moderate the new joinees until they prove genuine. if you say don't have time, pls seek volunteers for this task. if you implement an authenticated website (CMS), these can be easily done.” If only it were simple to ‘implement an authenticated website (CMS)’! Nice idea though, agreed in part. We have now opened the ISO27k Forum to world read. This website has always been, and will continue to be, open to all fans of ISO27k, whether budding or in full bloom. We are not going to open the Forum to world write, however, as the spammers will soon get their fangs into it and novices will swamp us with the most naive questions causing the signal-to-noise ratio to plummet - that's why we pre-qualify Forum members, asking them to confirm their qualifications and willingness to contribute, not just to suck up all the info like black holes. This is a community project that depends on the active involvement and generous contributions from its members. That said, we will look into a CMS such as Joomla or Wordpress, as you kindly suggested.


	“I would add a chat window for interactive sessions with professionals.” We're too busy for much of a chat I'm afraid! If this were a commercial site with sufficient funding to pay for our time, fair enough but it's not. However, we do actively contribute to the ISO27k Forum (along with several other generous infosec pros) and encourage you to join up.


		“Agradecer por la informacion.” Gracias - eres bienvenida a mi amigo.

	“Poor visual appeal” Thanks for the criticism but it's not very helpful: what aspects do you find poor? In what ways are the layout and visual appeal flawed? How, specifically, could we improve the site? Seriously, actionable improvement suggestions are most welcome but you'll need to give us a better clue as to how to improve.

	“A viewing mode for the forums would be nice before signing up.” Yes it would. OK, we have once again opened the forum to world-read. We also have a few example threads listed on the Forum page. Thanks.


	“Make Free T-Shirts :P” That’s a lovely idea but I fear we would have to charge for them as our shoestring budget is stretched very thin.


	“I want to add BCP part in ISO27k Toolkit.” Great! You write it and we’ll add it :-)


		“Very easy, very simple, very effective to start learning wide world of IT security” Interesting perspective! Most people find it quite complicated and difficult to fathom.

	“Overall extremely satisfied. I found the site via Linked In and I like getting the daily dialog & discussions on my email from others in the group.” Great! Do chip-in when you are ready. All opinions valued.


	“Hi, Very nice informative website. As a web designer myself I would only change the layout and format of the website. Have things centralised on the page (with expandable tables as defined in the CSS file)...” I’m struggling a bit with my limited skills and the software tool available, so much as I would like to do this, it may take a while! Thanks though for the suggestion.


	“I would add more samples. Thank you soooo much!” No, thank you! We are happy to continue developing the ISO27k Toolkit and welcome further contributions to it


		“The form [Forum] shall be open to folks those who are intrested in ISMS/ISO standards as well. Making the subscription more difficult is not the right approach to keep spammers away, IMO.” Point accepted - we have relaxed the Forum entry criteria.

	“I would change or add nothing, it's very well done as it is. As long as it's maintained the way it has been, it will continue to serve as an excellent public resource. Keep up the good work!” Many thanks. No big changes planned.


	“I would change the lay out” Err, thanks for the suggestion. A bigger hint as to how to change it might have helped! We have had a few comments like this: please be more specific and we’ll gladly give it more serious consideration.


	“As a representative from one of the largest certified bodies in the world, I would have to say that this is one of the best organized, most informational and helpful webites I have seen on the subject. I point our clients to it frequently when they are looking for help. Keep up the good work!!” Thank you!


			“Content wise website is excellent. Look and Feel of web page may be improved. Example related to Risk Management would be very good move.” Good idea re the example: one day, maybe ... Sorry about the look & feel but given limited free time, we prefer to provide good content than worry too much about the presentation (unless you’re offering to help!).
“Web site is well worth it. I'm studying 27001 as part of a Uni course and fine the site very helpful.” Good luck but don’t forget to spell-check!

		[Wanted:] “A Page for Complete Download section and also some Technical Glossary and Abrev” The complete ISO27k toolkit is available as a single ZIP, and there’s an infosec glossary.

				“I am taking the survey to congratulate you on your website. I’m a security consultant, and find your webpage to be one of the best references. I specially like that you always keep it updated. Cheers!” Thank you sir, and thanks also to those who contribute information. I know the site design is more basic than pretty but I’m glad you find the content useful. Cheers!

	“This is a great resource, and contains the best and clearest information on ISO 27K that I've found to date. Well done, and keep up the good work! I'd like to see some more information on information security roles, what the typical duties are, and how these roles can work best with the rest of the organisation (in a positive way).” Thanks for the suggestions. We have been working on infosec roles and responsibilities but it’s a slow spare-time project.


	[Wanted:] “A good search tool” Good idea! We’ve added a Google search box to the home page.


	“I use your site all the time. It’s the most reliable and up-to-date source of information on the ISO 27000 standards.” We do our best!

“You've got a very good selection of material. Its fantastic to see a consultancy giving back to the infosec community; giving 2700x to the masses. Too many consultancies here in Oz are "standards leeches", relying on mandatory compliance with these standards to sell their services. More like accountants rather than passionate individuals such as yourself. Great work and thank you for sharing.”

“Thank you for your effort and diligence required to maintain this site and its content. I have a keen interest in the ISO/IEC 27K BoK and the information regarding the ISO/IEC 27K series is just great! Keep up the excellent work. You are a providing an important service to security practitioners globally.”

Thank you both! I’m glad you appreciate the passion and the work involved.

[Wanted:] “A secured "sign on" for members, possibly for Forums. I would add the capability for members to create and run SIGs forums for interactive real time Focus discussions amongst members. Thanks for a great Website!” Thanks Virginia. Unfortunately I don’t think the web authoring program I use has that capability. Please join the ISO27k Forum instead and, if you feel the need to create your own break-away forum, Google Groups works well for us, and it’s free!


		“This is a great site to refer when you work on Information Security.” Cheers!

	“I would change the font and the way the website looks. Otherwise its a excellent website. It's very useful for budding security professionals, I very much thank all your team who put excellent effort, time etc. Once again I thank you all.” OK I’ll look for a different font, though I’m not entirely sure how to make the website look better! Cheers anyway.

“I would change nothing, its perfect... please continue.” Perfect eh?! Thanks for the support.

		“The 'Information security risk register - contributed by Madhukar' provided as part of the Toolkit does not work properly in Excel 2000 or 2007. It states that Macros need to be enabled then once opened there do not appear to be any and the Priority fields do not update with colours. The rest of the content is excellent and extremely helpful.” Oh, OK, sorry about that. I’ll take a look. Please email any further bug reports directly to me as I read email much more often than the survey comments.

	“It is just great and I am considering me lucky to have found this site. I will try to contribute once I have some experience.” That’s what we like to hear! Seriously, we very much appreciate the contributions (of experience just as much as $$$!) by our fellow fans of ISO27k. Without your assistance, this project would have folded long ago.


		“A simlistic [sic], easy to read and understand, logical roadmap to certification. i.e. a dummies/idiots guide to gaining certification. Starting at the moment in time the decision is made to go for the certification, right through to the party! Why are all the current guides so complicated ? As an IA consultant I understand it all but I like easy to read and follow plain English, something that is sadly missing in many areas of the IT business world.” Errr, have you actually looked around the site? There are TWO (2) simple, easy to read and understand process diagrams on the site, plus plain English descriptions. I’m sorry if you still find it too complicated - perhaps ISO217k is not for you.

	“I would suggest to have all the standard page overview into a single PDF document so visitor needing an descriptive and understanding of the content can just download the document and then select what s/he need. Many commuter read this type of information off line and it is very handy.” Interesting suggestion. I do have Acrobat and can create PDFs but I’m not (yet) convinced the effort to do so would be worthwhile: if you feel strongly about this, please raise it on the ISO27k Forum.


	“Very easy, very simple, very effective to start learning wide world of IT security.” Thanks for that. It was not our intention to make this a general infosec teaching resource: we were aiming at helping infosec professionals understand and use the ISO27k standards. But it’s good to hear that you find value here.